Andrew Bartlett
2017-Dec-07  10:31 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote:
> Hello! Andrew Bartlett via samba
>   On that day it was said...
>
> > > This led me to another question: in this way, aliases are ''domain
> > > wide'' right? E.g., I cannot have a DM aliased 'file' in a LAN and
> > > another DM aliased 'file' in another LAN, as was used before with NT
> > > like domains (two different domains).
> > Correct, you can't use the different netbios namespaces to do that.
> > Not that real NT4 allowed different netbios namespaces either, but all
> > sorts of games were possible (I've done that myself back in the day
> > with Samba).
>
> Good to know. Thanks.
>
> > You can't even use DNS search paths on the clients and then fully
> > qualified aliases as the client will ask for a ticket for exactly the
> > name stated, not the FQDN as this avoids insecure DNS being an attack
> > point.
>
> Mmmhhh... I try to do an example.
>
> Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it'
> in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in
> LAN 2.
>
> If client in LAN 1 has 'sv.lnf.it' in search path, and in LAN 2
> 'pp.lnf.it', I cannot alias 'file' on both because the ticket gets asked
> for 'vdmsv1.ad.fvg.lnf.it' and 'vdmpp1.ad.fvg.lnf.it'. Right?

No, it will ask for 'file'. If the servicePrincipalName is not unique,
the lookup will fail.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
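The uniqueness rule in the reply above, as an added example that is not part of the original thread and is not Samba code: a simplified model of SPN lookup that compares SPN strings only. The host names come from the thread; the 'cifs/file' alias entries and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed directory: computer account -> servicePrincipalName values.
# Host names are from the thread; the 'cifs/file' aliases are hypothetical.
DIRECTORY = {
    "VDMSV1$": ["HOST/vdmsv1.ad.fvg.lnf.it", "HOST/VDMSV1", "cifs/file"],
    "VDMPP1$": ["HOST/vdmpp1.ad.fvg.lnf.it", "HOST/VDMPP1", "cifs/file"],
}


class SpnLookupError(Exception):
    """Raised when a requested SPN maps to zero or several accounts."""


def build_index(directory):
    """Index SPNs case-insensitively: SPN -> set of owning accounts."""
    index = defaultdict(set)
    for account, spns in directory.items():
        for spn in spns:
            index[spn.lower()].add(account)
    return index


def requested_spn(service, name_as_typed):
    """The client asks for exactly the name that was typed; no DNS search
    suffix is appended, so DNS answers cannot change the principal."""
    return f"{service}/{name_as_typed}"


def lookup(directory, spn):
    """Return the single account that owns spn, or fail."""
    owners = build_index(directory)[spn.lower()]
    if not owners:
        raise SpnLookupError(f"{spn}: unknown principal")
    if len(owners) > 1:
        raise SpnLookupError(f"{spn}: not unique, held by {sorted(owners)}")
    return next(iter(owners))


def duplicate_spns(directory):
    """Audit helper: every SPN registered on more than one account."""
    return {spn: sorted(accounts)
            for spn, accounts in build_index(directory).items()
            if len(accounts) > 1}
```

Running duplicate_spns() over an export of the real directory before registering an alias shows whether the name is already taken elsewhere in the domain.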
Marco Gaiarin
2017-Dec-07  14:20 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
Hello! Andrew Bartlett via samba
  On that day it was said...

> No, it will ask for 'file'. If the servicePrincipalName is not unique,
> the lookup will fail.

OK. Thanks.

Sorry again, but I really can't find examples for SPN definition.

The command line:

	samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it

is correct to define alias 'FILE' for domain member 'vdmsv1'?

Thanks.

--
dott. Marco Gaiarin                        GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''        http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it  t +39-0434-842711  f +39-0434-842797
Marco Gaiarin
2017-Dec-14  14:51 UTC
[Samba] [Curiosity] 'netbios aliases' works in AD mode?
Ahem, no one replied to me. A little fast-rewind: I need to have some
'aliases' to my servers (DM); seems I need to add in smb.conf:

	netbios aliases = FILESV

but also add a 'SPN'; trying to look around for examples led me to
''nothing'', or to examples that seem to me unrelated.

Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host is
'vdmsv1.ad.fvg.lnf.it', I need to do:

> samba-tool spn add host/vdmsv1.ad.fvg.lnf.it filesv.ad.fvg.lnf.it

Right?! Thanks.

--
dott. Marco Gaiarin                        GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''        http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it  t +39-0434-842711  f +39-0434-842797