[Samba] set UPN / SPN from samba-tool.
Rowland Penny
rpenny at samba.org
Tue Aug 30 14:51:32 UTC 2016
On Tue, 30 Aug 2016 16:25:03 +0200
mathias dufresne <infractory at gmail.com> wrote:
> 2016-08-30 16:10 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
>
> > On Tue, 30 Aug 2016 15:58:13 +0200
> > mathias dufresne via samba <samba at lists.samba.org> wrote:
> >
> > > And reading last mails comforts me in believing the filter used by
> > > client side to retrieve user is not correct, that filter should
> > > use SPN then you won't need to set up SPN into UPN field.
> > >
> >
> > I think the problem is the way Louis is creating the SPN, all the
> > info I have found on the internet, seems to assume you will use a
> > computer account and not a user account.
> >
> > Even Squids own page tells you to use a computer account:
> >
> > http://wiki.squid-cache.org/ConfigExamples/Authenticate/
> > WindowsActiveDirectory
> >
> > Rowland
> >
> >
> > Hi Rowland,
>
> As DNS back end when configured to use Bind+DLZ is authenticating DNS
> user (dns-<DCname>) using SPN, as this user do not have objectclass
> "computer" set, I would say we can create user which are not computer
> with SPN. Don't you agree?
Yes of course you can, but Louis is changing the users UPN into an SPN
in all but name.
Rowland
More information about the samba
mailing list