[Samba] Orphan SPN
Rowland Penny
rpenny at samba.org
Wed Nov 24 20:50:23 UTC 2021
On Wed, 2021-11-24 at 23:24 +0300, Oljas Kuzembaev via samba wrote:
> Thank you!
>
> I am on FreeBSD and my knowledge of sed is poor. Trying to adapt to
> my
> shell, I`ve butchered your line to this:
>
> # samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su" | grep
> cifs
>
> that lists some osX machines:
>
> servicePrincipalName: cifs/air1411.oml.su
> servicePrincipalName: cifs/macpro2008.oml.su
> servicePrincipalName: cifs/macmini20151116.oml.su
> servicePrincipalName: cifs/macbook-air-150.oml.su
>
> But no sign of SPN cifs/oml.su, which I am looking for.
>
> Is that because of bad interpretation of your line?
No, I wouldn't have thought so. Your search dumps the entire AD and the
grep only prints the lines that contain 'cifs'.
Just as an aside, why is ldbsearch called samba-ldbsearch on freebsd ?
As far as I am aware, only Samba produces ldbsearch, so the 'samba-' is
a bit superfluous.
You could try it like this:
samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su" -s sub
"(servicePrincipalName=cifs/oml.su)" servicePrincipalName
samAccountName
If that doesn't show the SPN, try adding '--cross-ncs' after 'samba-
ldbsearch ' and you could also try adding '--show-deleted' just in case
it is deleted (though I don't think it is)
Rowland
More information about the samba
mailing list