[Samba] Upgrading from Samba 4.8.2 to 4.15.5
Kees van Vloten
keesvanvloten at gmail.com
Tue Jan 31 18:55:26 UTC 2023
On 31-01-2023 18:17, Michael Tokarev via samba wrote:
> 31.01.2023 18:33, Mark Foley via samba wrote:
>
>> 1.01.2023 10:13, Michael Tokarev wrote:
>>> I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs
>>> instead
>>
>> In an AD Domain I mean, not in a DC.
>
>> This bit is confusing. The DNS runs on the DC, so what do you mean
>> "not in a DC"?
>
> I wanted to write "don't use simple DNS aliases in an AD", - but I
> wrote "in a DC"
> instead. The second email meant to correct that typo.
>
> /mjt
>
I just added an SPN to a computer:
samba-tool spn add 'http/test.example.com.lan' 'myserver$'
But I don't see the name resolving through DNS:
host test.example.com
Host test.example.com not found: 3(NXDOMAIN)
While I agree an SPN is quite handy especially for kerberos
authentication, it looks like it does not do anything to allow resolving
the host by SPN-name / cname. If you ask me it is still necessary to add
a cname record to DNS.
- Kees.
More information about the samba
mailing list