[Samba] Error with samba update in debian.
Rowland Penny
rpenny at samba.org
Fri Dec 30 10:55:05 UTC 2016
On Fri, 30 Dec 2016 10:10:07 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai Rowland,
>
> Simply put,
>
> - UPN: An entity performing client requests to some service.
> Entity may be human or machine.
> Source :
> https://msdn.microsoft.com/en-us/library/windows/desktop/ms721629(v=vs.85).aspx#_security_user_principal_name_gly
>
>
> - SPN: An entity processing requests for a specific service, e.g.,
> HTTP, LDAP, SSH, etc. Entity is Machine only.
> Source:
> https://msdn.microsoft.com/en-us/library/windows/desktop/ms721625(v=vs.85).aspx#_security_service_principal_name_gly
>
> And normaly a UPN retrieves a service ticket for an SPN to use that
> actual service.
>
> Now how is this a squid problem if samba-tool does not give the
> options to set an UPN to the machine also. But this is mainly a
> Windows KDC and Unix KDC difference but still.
>
> Resulting that in windows terms we need to set the SPN to a machine
> UPN. Which is always: namehostname$@REALM
>
Quite right, it isn't really a squid problem. Since then, I have taken
a look at the squid code and I cannot find a mention of UPN, but there
are lots of SPN references.
If you look here:
https://msdn.microsoft.com/en-us/library/ms680857%28v=vs.85%29.aspx
You will find this:
By convention, this should map to the user email name.
So by using a UPN instead of an SPN, you are potentially breaking
something.
Rowland
More information about the samba
mailing list