[Samba] adding server aliases after joining to a domain

Michael Tokarev mjt at tls.msk.ru
Tue Nov 22 11:17:47 UTC 2022


22.11.2022 14:10, Rowland Penny via samba wrote:
> On 22/11/2022 10:20, Kees van Vloten via samba wrote:
> 
>>
>> Not sure what you mean exactly but I assume you want to add an SPN to a computer or user object?
>>
>> samba-tool spn add <principal> <account>
>>
>> And export the keytab for the account on the client machine
> 
> Not required, use a CNAME.
> An SPN is required in the computer's object that the CNAME points to and that is what will be used.

When using a CNAME, I'm having an issue I've provided in my first
email in this thread.  Here it is again for you, on the server side:

[2022/11/22 13:07:53.558416,  1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
   gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/FS at TLS.MSK.RU(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]

with this, auth from windows client to this member server does not work,
and each attempt to login results in the same error message in the log
(above).

Thanks,

/mjt


