[Samba] set UPN / SPN from samba-tool.
L.P.H. van Belle
belle at bazuin.nl
Mon Aug 29 17:46:45 UTC 2016
hello Achim,
yes, if you change the
userPrincipalName LDAP attributethats suffient, thats what i changed through the windows tool.
greetz,
Louis
Op 29 aug. 2016 om 19:42 heeft Achim Gottinger via samba <samba at lists.samba.org> het volgende geschreven:
Am 29.08.2016 um 17:17 schrieb L.P.H. van Belle via samba:
No,
That was not sufficient, i had to use the windows tool to change it.
The is the explanation from the developer of squid helper.
/snap
I would say they are bugs. The first “issue” is as you say more about understanding the difference between UPN and SPN and how the tools use them. The helper tries to “authenticate” squid to AD as a user with the found SPN name, so the UPN must be the same as the SPN. There is no easy way to query what the UPN for the SPN is.
Also msktutil (my preferred tool) creates a machine account not a user account in AD. The reason I prefer this is that often user accounts have a global password policy e.g. change every 60 days otherwise it will be locked. machine accounts do not have that limitation. But as I said it is just my preference.
/snap.
Greetz,
Louis
-----Oorspronkelijk bericht-----
Hello Louis,
Aint't it sufficient to export only the http SPN into an keytab file an
pass that top squid?
How did you change the UPN?
achim~
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I always understood SPN's act like aliases for the UPN so that
explanation ist abit odd.
Is it sufficient to change the userPrincipalName LDAP attribute of the
user account? That would work on the linux side.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list