[Samba] Upgrading from Samba 4.8.2 to 4.15.5

Mark Foley mfoley at novatec-inc.com
Tue Jan 31 15:33:57 UTC 2023


On 1/31/23 02:13, Michael Tokarev via samba wrote:
> 31.01.2023 08:55, Matt Savin via samba пишет:
>> In group policies use DNS aliases, then you'll need to change only DNS
>> entries for these aliases to point to a new host(s).
>
> I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs 
> instead
> (see samba-tool spn). This will manage CNAMEs too, and also manages 
> the KRB
> tickets and proper autentication of the server to the client.
> (After changing SPNs for a host, one needs to re-generate keytab).
>
> /mjt
>
Great suggestion! I'll have to investigate that.

1.01.2023 10:13, Michael Tokarev пишет:
> I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs 
> instead

In an AD Domain I mean, not in a DC.

/mjt

This bit is confusing. The DNS runs on the DC, so what do you mean "not 
in a DC"?

--Mark


More information about the samba mailing list