[Samba] Orphan SPN

Rowland Penny rpenny at samba.org
Wed Nov 24 21:27:40 UTC 2021


On Thu, 2021-11-25 at 00:13 +0300, Oljas Kuzembaev via samba wrote:
> On 24.11.2021 23:50, Rowland Penny via samba wrote:
> > Just as an aside, why is ldbsearch called samba-ldbsearch on
> > FreeBSD?
> There is a standalone port of ldb
> (https://www.freshports.org/databases/ldb22), but it lacks
> functionality. So the binary in the samba port is called samba-ldbsearch.
> > You could try it like this:
> > 
> > samba-ldbsearch -H ldap://home.oml.su -P -b "dc=oml,dc=su" -s sub "(servicePrincipalName=cifs/oml.su)" servicePrincipalName samAccountName
> > 
> > If that doesn't show the SPN, try adding '--cross-ncs' after
> > 'samba-ldbsearch ' and you could also try adding '--show-deleted'
> > just in case it is deleted (though I don't think it is)
> > 
> > Rowland
> >   
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> resolve_lmhosts: Attempting lmhosts lookup for name home.oml.su<0x20>
> # Referral
> ref: ldap://oml.su/CN=Configuration,DC=oml,DC=su
> 
> # Referral
> ref: ldap://oml.su/DC=DomainDnsZones,DC=oml,DC=su
> 
> # Referral
> ref: ldap://oml.su/DC=ForestDnsZones,DC=oml,DC=su
> 
> # returned 3 records
> # 0 entries
> 
> # 3 referrals
> 
> 
> Still no related output. '--cross-ncs' and '--show-deleted' are also
> not much different.
> 

Then by the look of it, the SPN doesn't exist in AD. Is there a keytab?
If so, delete it and then recreate it.

Rowland
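
An added example, not part of the original message: a small shell helper that reads ldbsearch LDIF output and reports which accounts, if any, carry a given SPN, so a result made up only of referrals (as in the output quoted above) is reported as "no owner". The function name `spn_owners`, the exit codes and the example.com sample records are assumptions constructed for illustration; folded or base64-encoded LDIF values are not handled.

```shell
#!/bin/sh
# spn_owners SPN < ldbsearch-output   (hypothetical helper, not a Samba tool)
# Prints "sAMAccountName<TAB>dn" for every entry that carries SPN.
# Exit status: 0 = exactly one owner, 1 = no owner, 2 = duplicate owners.
spn_owners() {
    awk -v want="$1" '
        function emit() {
            if (dn != "" && hit) { printf "%s\t%s\n", sam, dn; n++ }
            dn = ""; sam = ""; hit = 0
        }
        BEGIN { want = tolower(want) }      # SPN matching is case-insensitive
        /^$/  { emit(); next }              # a blank line ends a record
        /^#/  { next }                      # "# Referral", "# returned ..." etc.
        {
            i = index($0, ": "); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 2)
        }
        key == "dn"             { dn = val }    # referrals have "ref:", never "dn:"
        key == "samaccountname" { sam = val }
        key == "serviceprincipalname" && tolower(val) == want { hit = 1 }
        END { emit(); exit (n == 1 ? 0 : (n == 0 ? 1 : 2)) }
    '
}

# Constructed sample: only referrals come back, so "returned 3 records"
# does not mean any object was found.
SAMPLE_ORPHAN='# Referral
ref: ldap://example.com/CN=Configuration,DC=example,DC=com

# Referral
ref: ldap://example.com/DC=DomainDnsZones,DC=example,DC=com

# returned 2 records
# 0 entries
# 2 referrals'

# Constructed sample: one computer account holds the SPN.
SAMPLE_FOUND='# record 1
dn: CN=FS1,CN=Computers,DC=example,DC=com
sAMAccountName: FS1$
servicePrincipalName: HOST/fs1.example.com
servicePrincipalName: cifs/example.com

# returned 1 records
# 1 entries
# 0 referrals'

printf '%s\n' "$SAMPLE_ORPHAN" | spn_owners cifs/example.com \
    || echo "no single owner: SPN is absent from the directory or duplicated"
```
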




