[Samba] Orphan SPN
Oljas Kuzembaev
oljas at oml.su
Thu Nov 25 00:55:14 UTC 2021
On 25.11.2021 1:54, Oljas Kuzembaev wrote:
> On 25.11.2021 1:36, Andrew Bartlett via samba wrote:
>> cifs is in there by default, remove it if you want to break AD badly...
>>
>> ;-)
>>
>> Andrew,
>
> Yes, now I see. I`ve compared with sPNMappings on other domain with
> same environment and they are the same.
>
OK. I`ve misunderstood your clue. Yes I have SPN HOST/oml.su on user www.
And when I export keytab of cifs, that gave me keytab of user www.
Thank you very much again. Now I understand why I have to use HTTP SPN
deliberately.
Just for the archive let me post link, which describes my error wider:
https://blogs.msmvps.com/briandesmond/2010/12/06/active-directory-spn-mappings-and-kerberos/
More information about the samba
mailing list