[Samba] set UPN / SPN from samba-tool.
rpenny at samba.org
Tue Aug 30 14:51:32 UTC 2016
On Tue, 30 Aug 2016 16:25:03 +0200
mathias dufresne <infractory at gmail.com> wrote:
> 2016-08-30 16:10 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> > On Tue, 30 Aug 2016 15:58:13 +0200
> > mathias dufresne via samba <samba at lists.samba.org> wrote:
> > > And reading last mails comforts me in believing the filter used by
> > > client side to retrieve user is not correct, that filter should
> > > use SPN then you won't need to set up SPN into UPN field.
> > >
> > I think the problem is the way Louis is creating the SPN, all the
> > info I have found on the internet, seems to assume you will use a
> > computer account and not a user account.
> > Even Squids own page tells you to use a computer account:
> > http://wiki.squid-cache.org/ConfigExamples/Authenticate/
> > WindowsActiveDirectory
> > Rowland
> > Hi Rowland,
> As DNS back end when configured to use Bind+DLZ is authenticating DNS
> user (dns-<DCname>) using SPN, as this user do not have objectclass
> "computer" set, I would say we can create user which are not computer
> with SPN. Don't you agree?
Yes of course you can, but Louis is changing the users UPN into an SPN
in all but name.
More information about the samba