[Samba] added spn and exported keytab not match

Mike Lykov combr at samges.ru
Thu Nov 30 16:40:25 UTC 2017


30.11.2017 14:00, Rowland Penny via samba wrote:

>> I added a user with RSAT and added an SPN for it with samba-tool (like
>> https://wiki.samba.org/index.php/Generating_Keytabs):
>> --------------------
>> root@ad41:/# samba-tool spn list proxy
>> proxy
>> User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following
>> servicePrincipalName:
>>            HTTP/proxy.S****.ru@DC.S****.RU
>>            host/proxy.S****.ru@DC.S****.RU
> 
> I am not an expert on squid by any means, but you seem to be adding
> SPNs meant for a computer account to a user account i.e.
> 'proxy.S****.ru' would be a FQDN.
> Also, the 'S****.ru' should be 'dc.s****.ru'

Thanks for the idea. Here:

DC.S****.RU is the Kerberos realm and domain name.

proxy.s***.ru is the hostname of the proxy server with squid.
It is NOT joined to the domain.
The hostname is an FQDN, but not in the dc.s****.ru zone.

(There are some servers not joined to the domain that have FQDNs in the
s****.ru zone, and some workstations and servers joined to the domain in the
dc.s****.ru zone.)

The servers not joined to the domain are configured with their own DNS
servers, not the AD DC ones.

Is it possible to configure Kerberos auth without joining the server
to the domain and using the AD DC DNS servers?

> I think you are going to have to wait until Louis gets over the flu, he
> is the expert on squid ;-)

I saw this sad news, and best wishes to him too ;)

--
Mike



