[Samba] Server not found in Kerberos database trying to ssh a into a linux server joined to an AD domain
L.P.H. van Belle
belle at bazuin.nl
Mon Jul 17 07:19:23 UTC 2017
> > >
> >
> > As far as I am aware, your AD realm must be the same as your dns
> > domain (not to be confused with a NetBIOS domain name), so I don't
> > think this is going to work as is.
AD REALM and DNS Domain are 2 different things.
You can have multple dns domains with other names then the REALM domains.
But its more complex to configure.
> >
> > Your other problem: neither sssd or adcli are Samba products and as
> > you are using them, you are asking in the wrong place, try the
> > sssd-users mailing list.
> >
> > Rowland
>
> Thanks for the reply.
>
> Ok, I think I got a workaround. By adding a suffix ("_L") to
> the netbios name of servera.foo.bar the problem goes away.
>
> But I am still curious.
>
> Regardless if it's linux or windows clients, I can arrive at
> the same problem by only using pdbedit and samba-tool on one
> of the DCs to create computer accounts and SPNs. And I think,
> I am doing nothing illegal.
>
> I haven't looked at the code but to me it seems like whatever
> builds the ldb query I mentioned above assumes that the cn of
> a computer account (which is the netbios name) always is the
> hostname. Which might not be true.
> Can anybody comment on that?
adcli join ?
If this works the same as msktutil
which creates a user and sets the needed options then your real hostname and "joined_hostname" are different.
But same here, i dont know SSSD, you might need to ask the sssd list.
>
> Andre
>
>
Louis
More information about the samba
mailing list