On 25.11.2021 1:22, Andrew Bartlett via samba wrote:> Look for host/omu.su > > There is an attribute sPNMappings that controls the mapping between > host and the services it implicitly aliases, so the cifs/ entry (and > http/ along with many others) don't need to be listed explicitly on > every service.Thats it! CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=oml,DC=su sPNMappings was modified with addition of "cifs", which was giving me trouble. Thank you so much!
On Thu, 2021-11-25 at 01:34 +0300, Oljas Kuzembaev via samba wrote:> On 25.11.2021 1:22, Andrew Bartlett via samba wrote: > > Look for host/omu.su > > > > There is an attribute sPNMappings that controls the mapping between > > host and the services it implicitly aliases, so the cifs/ entry > > (and > > http/ along with many others) don't need to be listed explicitly on > > every service. > > Thats it! > > CN=Directory Service,CN=Windows > NT,CN=Services,CN=Configuration,DC=oml,DC=su > > sPNMappings was modified with addition of "cifs", which was giving > me > trouble.cifs is in there by default, remove it if you want to break AD badly... ;-) Andrew, -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
On Thu, 2021-11-25 at 01:34 +0300, Oljas Kuzembaev via samba wrote:> On 25.11.2021 1:22, Andrew Bartlett via samba wrote: > > Look for host/omu.su > > > > There is an attribute sPNMappings that controls the mapping between > > host and the services it implicitly aliases, so the cifs/ entry > > (and > > http/ along with many others) don't need to be listed explicitly on > > every service. > > Thats it! > > CN=Directory Service,CN=Windows > NT,CN=Services,CN=Configuration,DC=oml,DC=su > > sPNMappings was modified with addition of "cifs", which was giving > me > trouble. > > Thank you so much!You learn something new every day, but it still doesn't explain why I do not actually get a keytab. Just to get my head around this, does this mean that you do not have to add an SPN such 'cifs/samdom.example.com' if 'host/samdom.example.com' exists ? Rowland