[Samba] Orphan SPN
Oljas Kuzembaev
oljas at oml.su
Wed Nov 24 18:55:43 UTC 2021
I think I got orphan SPN in KDC. I want to remove it, but I cant find
user of that SPN.
That is why I think it is actually an orphan SPN:
#samba-tool domain exportkeytab orphan.keytab --principal=cifs/oml.su
Output gives me keys.
But then, also this works:
#samba-tool spn add cifs/oml.su oljas
#samba-tool spn delete cifs/oml.su oljas
And then, this still works:
#samba-tool domain exportkeytab orphan.keytab --principal=cifs/oml.su
I`ve tried to search SPN via ldapsearch, powershell and in ADUC going on
objects one by one. Cant track it.
I think, that this SPN was created by me years ago for some
insignificant reason. But I cannot recall how I did it. Since then DFL
was reised from 2003 to 2008, if that matter.
Is there any way to find out which user holds that SPN, or is there any
way to remove it?
More information about the samba
mailing list