[Samba] adding server aliases after joining to a domain
Kees van Vloten
keesvanvloten at gmail.com
Tue Nov 22 10:20:18 UTC 2022
Op 22-11-2022 om 11:13 schreef Michael Tokarev via samba:
> Hi!
>
> I've added a second name for a server, after it has been successfully
> joined to the
> domain. But how to configure it so it knows its own secondary name(s)
> and request
> kerberos ticket for it?
>
> [2022/11/22 13:07:53.558416, 1]
> ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see
> text): Failed to find cifs/FS at TLS.MSK.RU(kvno 2) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> This is server named SVFSP, with an alias FS (File Server).
Not sure what you mean exactly but I assume you want to add an SPN to a
computer or user object?
samba-tool spn add <principal> <acoount>
And export the keytab for the account on the client machine
>
> I remember this can be done at the time of join when smb.conf
> has netbios aliases = FS line. But how to add it after the
> join?
>
> BTW, can there be several FSes in the same domain?
>
> Thanks,
>
> /mjt
>
More information about the samba
mailing list