[Samba] set UPN / SPN from samba-tool.
mathias dufresne
infractory at gmail.com
Tue Aug 30 14:25:03 UTC 2016
2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 30 Aug 2016 15:58:13 +0200
> mathias dufresne via samba <samba at lists.samba.org> wrote:
>
> > And reading last mails comforts me in believing the filter used by
> > client side to retrieve user is not correct, that filter should use
> > SPN then you won't need to set up SPN into UPN field.
> >
>
> I think the problem is the way Louis is creating the SPN, all the info
> I have found on the internet, seems to assume you will use a computer
> account and not a user account.
>
> Even Squids own page tells you to use a computer account:
>
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/
> WindowsActiveDirectory
>
> Rowland
>
>
> Hi Rowland,
As DNS back end when configured to use Bind+DLZ is authenticating DNS user
(dns-<DCname>) using SPN, as this user do not have objectclass "computer"
set, I would say we can create user which are not computer with SPN. Don't
you agree?
More information about the samba
mailing list