[Samba] Failed to modify SPNs

Adam Xu adam_xu at adagene.com.cn
Wed Jul 22 08:08:27 UTC 2020

It's a vmware horizon connection server. and I just let the server be a 
domain member of the samba AD DC.

I check the event log in windows, and I saw this:


# translated by a software

In the last 24 hours, some clients have attempted to perform the 
following types of LDAP bindings:
(1) SASL (Negotiated, Kerberos, NTLM, or Digest) LDAP bindings where a 
signature (integrity verification) was not requested, or
(2) LDAP simple binding performed on plaintext (non-SSL/TLS encrypted) 

This directory server is not currently configured to deny such bindings. 
By configuring this directory server to reject such bindings, you can 
significantly improve the security of this server. For more information 
on how to make such configuration changes to the server, see 

Summary information about the number of these bindings received in the 
last 24 hours is shown below.

You can enable additional logging to record an event each time a client 
makes such a binding, including information about which client made the 
binding. To do this, increase the setting of the LDAP Interface Events 
event logging category to level 2 or higher.

Number of simple bindings performed without SSL/TLS: 0
Number of negotiated/Kerberos/NTLM/digest bindings performed without 
signature: 394

在 2020/7/22 15:57, Rowland penny via samba 写道:
> On 22/07/2020 08:52, Adam Xu via samba wrote:
>> I think "after a sql server windows machine join the domain" should 
>> be better.
>> Sorry, but I am not a native English speaker.
> OK, you are joining a 'windows sql server' to the domain, what is the 
> 'windows sql server' and how did you join it ?
> Rowland
Adam Xu
Phone: 86-512-8777-3585
Adagene (Suzhou) Limited
C14, No. 218, Xinghu Street, Suzhou Industrial Park

More information about the samba mailing list