[Samba] SPNs for a samba server

Michael Tokarev mjt at tls.msk.ru
Tue Jan 21 09:51:26 UTC 2025


Hi!

I'm not sure I understand how SPNs are registered in the AD domain.
I know when a regular samba server is joined to an AD domain, a few
SPNs are registered - namely, CIFS/$netbios_name and each for
CIFS/$netbios_aliases (where netbios name and netbios aliases are
the parameters in smb.conf - yes I know these are obsolete, but in
this case they're actually used for non-obsolete task).

Is there a list of other SPNs - for other names this server is known
as - which should be registered too, or is it done later?

A windows machine register CIFS/name and CIFS/name.domain principals,
but samba does not do this when joining - when and by whom the other
name should be registered?

Can one add some principals to smb.conf so it gets registered
automatically, or should it be done by an AD administrator?

Thanks,

/mjt



More information about the samba mailing list