[Samba] kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)
Kacper Wirski
k.wirski at babkamedica.pl
Sun Mar 19 22:06:50 UTC 2017
To be more precise, live migration works, but only when started directly
from the Hyper-V host that I'm directly logged into (via RDP for example), as
in: logged into host A, I can live migrate from host A to host B; to
migrate the other way round I have to log into host B first and start
the migration there.

The bug must be somewhere within Kerberos constrained delegation, or maybe
it's still connected to the weird Hyper-V SPNs (weird as in: with
whitespaces within their names) and my proposed workaround to get
anything started (Hyper-V replica and live migration with the
aforementioned limitations).

I've tried to read up more on possible causes for the Kerberos error,
but I'm too much of a newbie to have any chance to truly understand
what's not working. Or even if it's supposed to work at all.

Anyway, I made a further test and created a simple 2-node Hyper-V
failover cluster on top of those Hyper-V hosts used earlier, and within
the cluster live migration works perfectly in every direction imagined
(when using Failover Cluster Manager, I can live migrate a VM from host A
to host B, then directly from host B to host A without changing the machine
I'm logged into), but then again it is overall a lot more complicated
solution, which I'm not ready to use in production yet.

Overall, some issues I did manage to solve, so I guess that's that. :-)
On 2017-03-19 at 21:18, Luke Bigum via samba wrote:
> Hello,
>
> This won't be a very helpful reply, but I can confirm I've had the exact same issue. I ran into this a few years ago and could not get HyperV migrations to work with a Samba DC. I even went so far as to install a Windows DC just to prove to myself that it is supposed to work, and it does, perfectly (with ADDC it even creates all the SPNs for you auto-magically).
>
> Unfortunately at the time I was focused on a Windows VM Disaster Recovery problem, so ended up dropping HyperV entirely in favour of KVM and DRBD. As such, I never raised a bug with Samba or Catalyst about this - I probably should have :-/ Sorry I can't be of more help other than to add my voice to "there is a bug somewhere in Samba".
>