[Samba] Principal is a computer account - why

Andrew Bartlett abartlet at samba.org
Wed Sep 1 19:30:52 UTC 2021


On Wed, 2021-09-01 at 11:15 +0200, Meike Stone via samba wrote:
> Hello dear list,
> 
> I have running a samba instance, users can access the share.
> On the Client (name: computer01), the share is connected via
> net use x: \\samba01\share01
> 
> But often I see in the log
> "Kerberos ticket principal name is [computer01$@ADDOMAIN.NET]"
> But this is a computer account and not known on the server.
> 
> Does anybody have any clue why there are such requests are coming
> from
> the client?

It just does that.  The client PC has an account in AD and will use it
to contact servers for local operations that happen as 'SYSTEM' on that
PC.  The authenticated user will also make contact, and the two
authorized sessions are handled distinctly by Samba.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions




More information about the samba mailing list