Marco Gaiarin
2017-Dec-14 14:51 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
Ahem no one reply me. A little fast-rewind: i need to have some 'aliases' to my servers (DM); seems i need to add in smb.conf: netbios aliases = FILESV but also add a 'SPN'; trying to look around for an examples, lead me to ''nothing'', or to examples that seems to me unrelated. Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is 'vdmsv1.ad.fvg.lnf.it', i need to do:> samba-tool spn add host/vdmsv1.ad.fvg.lnf.it filesv.ad.fvg.lnf.itRight?! Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Marco Gaiarin
2017-Dec-18 14:24 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
> Ahem no one reply me.Still no feedback. I've done some test by myself. a) i've added in smb.conf: netbios aliases = CUPSSV FILESV b) i've registered the alias as SPNs, now i've: root at vdcsv1:~# samba-tool spn list vdmsv1$ vdmsv1$ User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName: HOST/VDMSV1 HOST/vdmsv1.ad.fvg.lnf.it HOST/filesv.ad.fvg.lnf.it HOST/FILESV HOST/CUPSSV HOST/cupssv.ad.fvg.lnf.it (for google, the correct commandline seems: samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vdmsv1$ ) c) still does not work; if i browse the network i can see the 'FILESV' host/server, but i cannot open it (give a generic/unknown error). Could be that there's no DNS records? root at vdcsv1:~# host filesv.ad.fvg.lnf.it Host filesv.ad.fvg.lnf.it not found: 3(NXDOMAIN) I've to add that, via 'samba-tool dns add'? I've to add 'A' records or i can add 'CNAME'? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
L.P.H. van Belle
2017-Dec-18 14:51 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
Hai Marco, I dont get what your goal is, sorry.. :-/ If you follow this template. The computername should always have an A + PTR recored. Now create an CNAME and point to the computer name, and this one can be in any zone. Does not have to be the primary dns zone, as long as the zones are withing the kerberos domain. On a member you have, by default : dns proxy = yes , man smb.conf for the info. But since samba-ad-dc does not run NMBD i dont think what your trying below is going to work. But i think, not sure about it. And, sorry, but can you explain a bit more what your trying to do. You want cups with kerberos auth? You only need the host/spn. All i have is : HOST/PRINT1 HOST/print1.internal.example.com Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: maandag 18 december 2017 15:24 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] [Curiosity] 'netbios aliases' works in AD mode? > > > > Ahem no one reply me. > > Still no feedback. I've done some test by myself. > > a) i've added in smb.conf: > > netbios aliases = CUPSSV FILESV > > b) i've registered the alias as SPNs, now i've: > > root at vdcsv1:~# samba-tool spn list vdmsv1$ > vdmsv1$ > User > CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,D > C=it has the following servicePrincipalName: > HOST/VDMSV1 > HOST/vdmsv1.ad.fvg.lnf.it > HOST/filesv.ad.fvg.lnf.it > HOST/FILESV > HOST/CUPSSV > HOST/cupssv.ad.fvg.lnf.it > > (for google, the correct commandline seems: > samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vdmsv1$ > ) > > c) still does not work; if i browse the network i can see the 'FILESV' > host/server, but i cannot open it (give a generic/unknown error). > > > Could be that there's no DNS records? > > root at vdcsv1:~# host filesv.ad.fvg.lnf.it > Host filesv.ad.fvg.lnf.it not found: 3(NXDOMAIN) > > I've to add that, via 'samba-tool dns add'? I've to add 'A' records or > i can add 'CNAME'? > > > Thanks. > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' > http://www.lanostrafamiglia.it/ > Polo FVG - Via della Bontà, 7 - 33078 - San Vito al > Tagliamento (PN) > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 > f +39-0434-842797 > > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! > http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 > (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Rowland Penny
2017-Dec-18 15:00 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
On Mon, 18 Dec 2017 15:24:16 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> > > Ahem no one reply me. > > Still no feedback. I've done some test by myself. > > a) i've added in smb.conf: > > netbios aliases = CUPSSV FILESV > > b) i've registered the alias as SPNs, now i've: > > root at vdcsv1:~# samba-tool spn list vdmsv1$ > vdmsv1$ > User > CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it > has the following servicePrincipalName: HOST/VDMSV1 > HOST/vdmsv1.ad.fvg.lnf.it HOST/filesv.ad.fvg.lnf.it > HOST/FILESV > HOST/CUPSSV > HOST/cupssv.ad.fvg.lnf.it > > (for google, the correct commandline seems: > samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vdmsv1$ > ) > > c) still does not work; if i browse the network i can see the 'FILESV' > host/server, but i cannot open it (give a generic/unknown error). > > > Could be that there's no DNS records? > > root at vdcsv1:~# host filesv.ad.fvg.lnf.it > Host filesv.ad.fvg.lnf.it not found: 3(NXDOMAIN) > > I've to add that, via 'samba-tool dns add'? I've to add 'A' records or > i can add 'CNAME'? > > > Thanks. >I am wondering if you are mixing up netbios and dns here ? netbios is what the earlier workgroups and NT4-style domains used to find each other, or in other words 'network browsing' If you are not using SMB1 (and you really shouldn't be) you will not be using 'network browsing'. Why do you think you need 'netbios aliases' ? Rowland
Marco Gaiarin
2017-Dec-18 15:24 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
Mandi! L.P.H. van Belle via samba In chel di` si favelave...> I dont get what your goal is, sorry.. :-/And Rowland:> Why do you think you need 'netbios aliases' ?Simply: i was (ab)used to have, in my NT domain, some aliases for my servers, so i can change servers (and move services) but keeping things consistent. Eg, all my printers are connected to \\CUPS\\<printername>, and my main share is \\FILE\Work . Ever. Because 'CUPS' and 'FILE' are aliases of my servers. Some weeks ago i've asked if samba in AD mode can have server aliases, as 'netbios aliases' had in NT mode. Someone (Andrew, https://lists.samba.org/archive/samba/2017-December/212597.html) reply me, 'yes', you have to set 'netbios aliases' but also add 'SPN'. I'm simply trying to figure out how to do that, and i'm simply noted that there's no DNS record for the aliases, as expected (ok, at least as i expect ;). I hope i'm clear, now. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
L.P.H. van Belle
2017-Dec-18 15:45 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
Hai Marco, Yes, now its clear. Just do as i did say, and you wil see it works. Andrew is wrong here imo, you dont need netbios aliases, but CNAMES in the dns. And if you dns is setup ok, this wil work fine, i know, runs fine here. About 70% of my hosts are accessed by CNAMES. Key to do, A + PTR, check if kerberos works, then create CNAME. If you access by CNAME, Kerberos wil use the original hostname it points to. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: maandag 18 december 2017 16:24 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] [Curiosity] 'netbios aliases' works in AD mode? > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > I dont get what your goal is, sorry.. :-/ > > And Rowland: > > > Why do you think you need 'netbios aliases' ? > > > Simply: i was (ab)used to have, in my NT domain, some aliases for my > servers, so i can change servers (and move services) but > keeping things > consistent. > > Eg, all my printers are connected to \\CUPS\\<printername>, > and my main > share is \\FILE\Work . Ever. > Because 'CUPS' and 'FILE' are aliases of my servers. > > > Some weeks ago i've asked if samba in AD mode can have server aliases, > as 'netbios aliases' had in NT mode. > > Someone (Andrew, > https://lists.samba.org/archive/samba/2017-December/212597.html) > reply me, 'yes', you have to set 'netbios aliases' but also add 'SPN'. > > > I'm simply trying to figure out how to do that, and i'm simply noted > that there's no DNS record for the aliases, as expected (ok, at least > as i expect ;). > > > I hope i'm clear, now. > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' > http://www.lanostrafamiglia.it/ > Polo FVG - Via della Bontà, 7 - 33078 - San Vito al > Tagliamento (PN) > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 > f +39-0434-842797 > > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! > http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 > (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >