[Samba] Failed to modify SPNs
Adam Xu
adam_xu at adagene.com.cn
Wed Jul 22 08:08:27 UTC 2020
It's a vmware horizon connection server. and I just let the server be a
domain member of the samba AD DC.
I check the event log in windows, and I saw this:
In ADAM(VMwareVDMDS):
# translated by a software
In the last 24 hours, some clients have attempted to perform the
following types of LDAP bindings:
(1) SASL (Negotiated, Kerberos, NTLM, or Digest) LDAP bindings where a
signature (integrity verification) was not requested, or
(2) LDAP simple binding performed on plaintext (non-SSL/TLS encrypted)
connections
This directory server is not currently configured to deny such bindings.
By configuring this directory server to reject such bindings, you can
significantly improve the security of this server. For more information
on how to make such configuration changes to the server, see
http://go.microsoft.com/fwlink/?LinkID=87923.
Summary information about the number of these bindings received in the
last 24 hours is shown below.
You can enable additional logging to record an event each time a client
makes such a binding, including information about which client made the
binding. To do this, increase the setting of the LDAP Interface Events
event logging category to level 2 or higher.
Number of simple bindings performed without SSL/TLS: 0
Number of negotiated/Kerberos/NTLM/digest bindings performed without
signature: 394
在 2020/7/22 15:57, Rowland penny via samba 写道:
> On 22/07/2020 08:52, Adam Xu via samba wrote:
>> I think "after a sql server windows machine join the domain" should
>> be better.
>>
>> Sorry, but I am not a native English speaker.
>
> OK, you are joining a 'windows sql server' to the domain, what is the
> 'windows sql server' and how did you join it ?
>
> Rowland
>
>
>
--
Adam Xu
Phone: 86-512-8777-3585
Adagene (Suzhou) Limited
C14, No. 218, Xinghu Street, Suzhou Industrial Park
More information about the samba
mailing list