[Samba] Listing principals in samba4?

Ritter, Marcel - RRZE marcel.ritter at rrze.fau.de
Mon Jul 16 07:35:34 MDT 2012


Hi Quinn,

For Active Directory or a Samba 4 DC this may be quite
tricky:

In Active Directory there is a principal alias list that applies
to all (?) SPN objects - so you may only see a HOST/ principal, but
this one may also be valid for a whole bunch of other names,
like cifs/ ... HTTP/ ... whatever.

See http://technet.microsoft.com/library/cc731241(WS.10).aspx

A list of aliases can be found here (see the sPNMappings attribute values):

# Directory Service, Windows NT, Services, Configuration, testdomain.org
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testdomain,D
 C=org
objectClass: top
objectClass: nTDSService
cn: Directory Service
instanceType: 4
whenCreated: 20120225102013.0Z
whenChanged: 20120225102013.0Z
uSNCreated: 1956
tombstoneLifetime: 180
uSNChanged: 1956
showInAdvancedViewOnly: TRUE
name: Directory Service
objectGUID:: 0/aW88ga30mQG2qs70VoYg==
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=testdomain,DC=org
sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat
 or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i
 as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora
 ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog
 on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww
 w,http,w3svc,iisadmin,msdtc
msDS-Other-Settings: DisableVLVSupport=0
msDS-Other-Settings: DynamicObjectMinTTL=900
msDS-Other-Settings: DynamicObjectDefaultTTL=86400
distinguishedName: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configura
 tion,DC=testdomain,DC=org

Bye,
    Marcel

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Quinn Plattel
Sent: Monday, 16 July 2012 14:42
To: samba
Subject: [Samba] Listing principals in samba4?

Hi,

Is there a way to see what principals exist in the samba4 domain?  I could list the principals in a keytab file, but that does not reflect what is in the samba4 domain.

br,
Quinn
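
Added example, not part of the original messages and not Samba or Microsoft code: a Python sketch that parses a folded sPNMappings value like the one in the dump above and expands a list of registered SPNs into the names they are also valid for, following the alias behaviour described in the reply. The host name dc1.testdomain.org, the sample SPN list and the function names are assumptions made for illustration.

```python
import base64
import re

# Constructed sample: a shortened sPNMappings value in the folded LDIF form
# shown in the message (the full alias list is in the dump above).
SAMPLE_LDIF = """\
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testdomain,D
 C=org
sPNMappings: host=alerter,appmgmt,cifs,spoo
 ler,http,w3svc
msDS-Other-Settings: DisableVLVSupport=0
"""

def parse_spn_mappings(ldif):
    """Return {alias: base service class} from every sPNMappings value."""
    aliases = {}
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folds long lines with "\n "
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "spnmappings":
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        base, _, names = value.strip().partition("=")
        for alias in filter(None, (n.strip().lower() for n in names.split(","))):
            aliases[alias] = base.strip().lower()
    return aliases

def effective_spns(registered, aliases):
    """Expand each registered SPN with the alias classes that map onto it."""
    result = set(registered)
    for spn in registered:
        svc, sep, rest = spn.partition("/")
        for alias, base in aliases.items():
            if sep and base == svc.lower():
                result.add(alias + "/" + rest)
    return sorted(result)

if __name__ == "__main__":
    mappings = parse_spn_mappings(SAMPLE_LDIF)
    # Hypothetical servicePrincipalName values of one machine account.
    for spn in effective_spns(["HOST/dc1.testdomain.org", "ldap/dc1.testdomain.org"], mappings):
        print(spn)
```

Service classes are compared in lower case here, so an SPN registered as HOST/ and one registered as host/ expand to the same alias names.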