Hi all my samba version is 4.12.5 and when a sql server windows machine join the domain, It shows error in samba : Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: acl: spn validation failed for spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] uac[0x1000] account[SEC-CON03$] hostname[SEC-Con03.domain.com] nbname[DOMAIN] ntds[(null)] forest[domain.com] domain[domain.com] There was a discussion on this issue in 2018, but no conclusion was given. https://lists.samba.org/archive/samba/2018-August/217570.html Is there any solution to this problem now? -- yours Adam
Hai, Any windows event ID's related to this? These might be handy. I suggest you read : http://www.scomgod.com/?p=155 On the SQL server, to add the SPN, use: setspn ?A <SPN> <Account> Example: setspn -A MSSQLSvc/SCMVPSCOM01.test.COM:1433 TEST\SVCACCOUNT Does the SQL server has an A and PTR record in the DNS? Do verify that. And there is bit more explained . https://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sql-server-cannot.html I think these should help you to fix this. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Adam > Xu via samba > Verzonden: woensdag 22 juli 2020 4:33 > Aan: sambalist > Onderwerp: [Samba] Failed to modify SPNs > > Hi all > > my samba version is 4.12.5 and when a sql server windows machine join > the domain, It shows error in samba : > > Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: > acl: spn validation failed for > spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] > uac[0x1000] > account[SEC-CON03$] hostname[SEC-Con03.domain.com] nbname[DOMAIN] > ntds[(null)] forest[domain.com] domain[domain.com] > > There was a discussion on this issue in 2018, but no > conclusion was given. > > https://lists.samba.org/archive/samba/2018-August/217570.html > > Is there any solution to this problem now? > > -- > yours Adam > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 22/07/2020 03:33, Adam Xu via samba wrote:> Hi all > > my samba version is 4.12.5 and when a sql server windows machine join > the domain, It shows error in samba : > > Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: > acl: spn validation failed for > spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] > uac[0x1000] account[SEC-CON03$] hostname[SEC-Con03.domain.com] > nbname[DOMAIN] ntds[(null)] forest[domain.com] domain[domain.com]You could have a bigger problem here, 'E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM' probably means AD LDS, which means no global catalogue. Not sure this is meant to work, so what Windows DC is this ? Rowland
Hi Rowland I have no windows DC but only 2 samba AD DCs. This error has been happening for years. I don't know what's the error means and what shoud I do in samba AD DC or Windows domain members. ? 2020/7/22 15:14, Rowland penny via samba ??:> On 22/07/2020 03:33, Adam Xu via samba wrote: >> Hi all >> >> my samba version is 4.12.5 and when a sql server windows machine join >> the domain, It shows error in samba : >> >> Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: >> acl: spn validation failed for >> spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] >> uac[0x1000] account[SEC-CON03$] hostname[SEC-Con03.domain.com] >> nbname[DOMAIN] ntds[(null)] forest[domain.com] domain[domain.com] > > You could have a bigger problem here, > 'E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM' probably means AD LDS, > which means no global catalogue. Not sure this is meant to work, so > what Windows DC is this ? > > Rowland > > >-- Adam Xu Phone: 86-512-8777-3585 Adagene (Suzhou) Limited C14, No. 218, Xinghu Street, Suzhou Industrial Park
Adam, you already tried my suggestions? What do you see here:> Failed to modify SPNs on CN=SEC-CON03,CN=Computers,DC=domain,DC=com: > acl: spn validation failed for ...^^^^^^ So read the links below and post your results The event id you showed, for now can be ignored. Inrelevant (for now). And mostlikly wil disapear when you added/fixed the "correct" spn's On topic for that event id you showed. https://support.microsoft.com/en-us/help/935834/how-to-enable-ldap-signing-i n-windows-server The fix. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > L.P.H. van Belle via samba > Verzonden: woensdag 22 juli 2020 8:55 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Failed to modify SPNs > > Hai, > > Any windows event ID's related to this? These might be handy. > I suggest you read : http://www.scomgod.com/?p=155 > > On the SQL server, to add the SPN, use: > setspn -A <SPN> <Account> > Example: setspn -A MSSQLSvc/SCMVPSCOM01.test.COM:1433 TEST\SVCACCOUNT > > Does the SQL server has an A and PTR record in the DNS? Do > verify that. > > And there is bit more explained . > https://thoughtsonopsmgr.blogspot.com/2012/04/scom-r2-alert-sq > l-server-cannot.html > > I think these should help you to fix this. > > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Adam > > Xu via samba > > Verzonden: woensdag 22 juli 2020 4:33 > > Aan: sambalist > > Onderwerp: [Samba] Failed to modify SPNs > > > > Hi all > > > > my samba version is 4.12.5 and when a sql server windows > machine join > > the domain, It shows error in samba : > > > > Failed to modify SPNs on > CN=SEC-CON03,CN=Computers,DC=domain,DC=com: > > acl: spn validation failed for > > spn[E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/SEC-CON03:389] > > uac[0x1000] > > account[SEC-CON03$] hostname[SEC-Con03.domain.com] nbname[DOMAIN] > > ntds[(null)] forest[domain.com] domain[domain.com] > > > > There was a discussion on this issue in 2018, but no > > conclusion was given. > > > > https://lists.samba.org/archive/samba/2018-August/217570.html > > > > Is there any solution to this problem now? > > > > -- > > yours Adam > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >