[Samba] Why is smbd looking for Kerberos principal cifs/host at DOMB when it is a member of DOMA?

[L.P.H. van Belle]

Good Morning Rowland.  

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: woensdag 20 november 2019 10:02
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Why is smbd looking for Kerberos 
> principal cifs/host at DOMB when it is a member of DOMA?
> 
> On 20/11/2019 08:26, L.P.H. van Belle via samba wrote:
> > Your config looks ok, as far i can tell.
> >
> > This :  "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
> > As it should spn/hostname.fqdn at REALM nothing wrong with that.
> >
> > But if i understand it right.
> >
> > Your server : kvm7246-vm022.maas.local is in REALM : 
> TC83.LOCAL  ( NTDOM:TC83 )
> 
> I have been looking at this thinking 'should I reply' and 
> after that I think I must ;-)

If you think "should I reply" then yes please, always..  :-) 

> 
> The server with the FQDN of kvm7246-vm022.maas.local cannot be in the 
> REALM TC84.LOCAL, it would have to be kvm7246-vm022.tc84.local

Not entirely.. Or at least, its not obligated to have the DNSdomain in REALM. 

You can have. 
kvm7246-vm022.maas.local 
 while REALM can be : @LETS.DONT.CARE.ABOUT.REALM 

You can also have. 

kvm7246-vm022.maas.local And kvm7246-vm022.maas.local 
Where  ( by example ) 
kvm7246-vm022.maas.local is 192.168.0.1 AND kvm7246-vm022.maas.local is 10.1.2.3 
Here 
kvm7246-vm022.maas.local 192.168.0.1 is in REALM: @LETS.DONT.CARE.ABOUT.REALM  
And the other 10.1.2.3 is in @LETS.CARE.ABOUT.REALM 

This is resolving, that needs to be verified first before we can change/advice samba changes.
That group change is not that big, so that should be ok but I suspect a routing/resolving problems in this case. 

And just asking.. 
 '@TC83\domain users' 'TC84\domain users' << 

On purpus that the TC84 is not having the @ ? 


Greetz,

Louis