[Samba] set UPN / SPN from samba-tool.
L.P.H. van Belle
belle at bazuin.nl
Mon Aug 29 15:17:32 UTC 2016
No,
That was not sufficient, i had to use the windows tool to change it.
The is the explanation from the developer of squid helper.
/snap
I would say they are bugs. The first “issue” is as you say more about understanding the difference between UPN and SPN and how the tools use them. The helper tries to “authenticate” squid to AD as a user with the found SPN name, so the UPN must be the same as the SPN. There is no easy way to query what the UPN for the SPN is.
Also msktutil (my preferred tool) creates a machine account not a user account in AD. The reason I prefer this is that often user accounts have a global password policy e.g. change every 60 days otherwise it will be locked. machine accounts do not have that limitation. But as I said it is just my preference.
/snap.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Hello Louis,
>
> Aint't it sufficient to export only the http SPN into an keytab file an
> pass that top squid?
> How did you change the UPN?
>
> achim~
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list