[Samba] adding server aliases after joining to a domain
Rowland Penny
rpenny at samba.org
Tue Nov 22 11:05:12 UTC 2022
On 22/11/2022 10:13, Michael Tokarev via samba wrote:
> Hi!
>
> I've added a second name for a server, after it has been successfully
> joined to the
> domain. But how to configure it so it knows its own secondary name(s)
> and request
> kerberos ticket for it?
>
> [2022/11/22 13:07:53.558416, 1]
> ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
> gss_accept_sec_context failed with [ Miscellaneous failure (see
> text): Failed to find cifs/FS at TLS.MSK.RU(kvno 2) in keytab
> MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> This is server named SVFSP, with an alias FS (File Server).
>
> I remember this can be done at the time of join when smb.conf
> has netbios aliases = FS line. But how to add it after the
> join?
>
> BTW, can there be several FSes in the same domain?
>
> Thanks,
>
> /mjt
>
Using 'netbios aliases' went out with NT4-style domains, you now need to
use a CNAME.
You can add one with samba-tool:
samba-tool dns add <server> <zone> <name> CNAME fqdn_string -U Administrator
Where:
<server> is the DC to carry out the modification on.
<zone> is the AD dns domain
<name> is the Alias (what you are are calling the 'netbios alias')
fqdn_string is the fully qualified name that you want the CNAME to point to.
Rowland
More information about the samba
mailing list