[Samba] Principal is a computer account - why
L.P.H. van Belle
belle at bazuin.nl
Wed Sep 1 12:58:58 UTC 2021
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Meike Stone via samba
> Sent: Wednesday 1 September 2021 14:41
> To: samba at lists.samba.org
> Subject: Re: [Samba] Principal is a computer account - why
> On Wed, 1 Sept 2021 at 11:38, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > On Wed, 2021-09-01 at 11:15 +0200, Meike Stone via samba wrote:
> > > Hello dear list,
> > >
> > > I have a samba instance running, users can access the share.
> > > On the Client (name: computer01), the share is connected via
> > > net use x: \\samba01\share01
> > >
> > > But often I see in the log
> > > "Kerberos ticket principal name is [computer01$@ADDOMAIN.NET]"
> > > But this is a computer account and not known on the server.
> > >
A computer account, of a domain-joined computer, is basically a user account with $ behind it.
And Kerberos specifies that authentication comes from a known machine with a timestamp
that matches the authentication server (domain controller).
The computer password is how AD ensures that the machine is known.
It's not available to the user.
I don't see anything wrong in this log part.
But you might want to clean up your smb.conf.
That's one where I saw a few things, as did Rowland.
In general, less is better in smb.conf.