[Samba] [Fwd: Joining AD - wrong DNS name, wrong keytab]
Jan Zháňal
jan.zhanal at invasys.com
Tue Oct 13 09:33:56 UTC 2020
Thank you for input!
UPN is set OK - client.base.example.com (as it is specified in join
command).
SPN is not. And it is as well confusing - I can provide UPN, but cannot
say what will be in SPN.
But if this is working as designed, I cease any questions.
The DNS setup is done to easily distinguish between servers and cliens
mainly as well as other services.
J.
On Tue, 2020-10-13 at 09:32 +0100, Rowland penny via samba wrote:
> On 13/10/2020 09:10, Jan Zháňal via samba wrote:
> > Maybe I wrote it misleading, its just a DNS name, not whole active
> > directory subdomain.
> >
> > Jan
> >
> OK, lets us suppose that your AD uses the 'example.com' dns domain,
> this
> means your Kerberos realm will be 'EXAMPLE.COM'. You then want to
> join a
> computer in the 'base.example.com' dns domain, why ? and why do think
> it
> should work ?
>
> The computer you are joining to a Samba AD domain should be in the
> AD
> dns domain, whilst it may join with an incorrect dns domain, any UPN
> and
> SPN's created will use the correct REALM for the AD domain.
>
> Rowland
>
>
>
More information about the samba
mailing list