[Samba] Orphan SPN
Oljas Kuzembaev
oljas at oml.su
Wed Nov 24 22:54:49 UTC 2021
On 25.11.2021 1:36, Andrew Bartlett via samba wrote:
> cifs is in there by default, remove it if you want to break AD badly...
>
> ;-)
>
> Andrew,
Yes, now I see. I`ve compared with sPNMappings on other domain with same
environment and they are the same.
But if I run this line on other domain:
samba-tool domain exportkeytab cifs.keytab --principal=cifs/other.domain
it gives no keytab file in output.
But somehow keytab is created on domain in question.
I got trouble on access to smb://oml.su directly by domain name. No
problem with smb://home.oml.su, which is my dc dns name.
I can access smb://other.domain. The only difference i`ve between them
is a lack of cifs/other.domain SPN on other domain.
There is records in debug log.samba mention key cifs/oml.su and I did
not found this lines on other domain.
So I thought if I could make them identical that would help.
More information about the samba
mailing list