Michael Tokarev
2022-Nov-22 10:13 UTC
[Samba] adding server aliases after joining to a domain
Hi!

I've added a second name for a server, after it has been successfully joined to the domain. But how to configure it so it knows its own secondary name(s) and request kerberos ticket for it?

[2022/11/22 13:07:53.558416, 1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/FS at TLS.MSK.RU(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]

This is server named SVFSP, with an alias FS (File Server).

I remember this can be done at the time of join when smb.conf has netbios aliases = FS line. But how to add it after the join?

BTW, can there be several FSes in the same domain?

Thanks,

/mjt
Kees van Vloten
2022-Nov-22 10:20 UTC
[Samba] adding server aliases after joining to a domain
On 22-11-2022 at 11:13, Michael Tokarev via samba wrote:
> Hi!
>
> I've added a second name for a server, after it has been successfully
> joined to the domain. But how to configure it so it knows its own
> secondary name(s) and request kerberos ticket for it?
>
> [2022/11/22 13:07:53.558416, 1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
>   gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/FS at TLS.MSK.RU(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> This is server named SVFSP, with an alias FS (File Server).

Not sure what you mean exactly but I assume you want to add an SPN to a computer or user object?

samba-tool spn add <principal> <account>

And export the keytab for the account on the client machine

> I remember this can be done at the time of join when smb.conf
> has netbios aliases = FS line. But how to add it after the
> join?
>
> BTW, can there be several FSes in the same domain?
>
> Thanks,
>
> /mjt
Rowland Penny
2022-Nov-22 11:05 UTC
[Samba] adding server aliases after joining to a domain
On 22/11/2022 10:13, Michael Tokarev via samba wrote:
> Hi!
>
> I've added a second name for a server, after it has been successfully
> joined to the domain. But how to configure it so it knows its own
> secondary name(s) and request kerberos ticket for it?
>
> [2022/11/22 13:07:53.558416, 1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
>   gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/FS at TLS.MSK.RU(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>
> This is server named SVFSP, with an alias FS (File Server).
>
> I remember this can be done at the time of join when smb.conf
> has netbios aliases = FS line. But how to add it after the
> join?
>
> BTW, can there be several FSes in the same domain?
>
> Thanks,
>
> /mjt

Using 'netbios aliases' went out with NT4-style domains, you now need to use a CNAME.

You can add one with samba-tool:

samba-tool dns add <server> <zone> <name> CNAME fqdn_string -U Administrator

Where:
<server> is the DC to carry out the modification on.
<zone> is the AD dns domain
<name> is the Alias (what you are calling the 'netbios alias')
fqdn_string is the fully qualified name that you want the CNAME to point to.

Rowland
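
Added example, not part of the thread: a small Python parser for the keytab failure quoted in the first message, reporting which service principals clients asked for that the machine account does not hold. The function names are hypothetical; the second log entry and the list of registered SPNs are constructed sample data.

```python
import re
from collections import Counter

# Keytab-lookup failure as logged by gse_get_server_auth_token.
# The realm separator is accepted as "@" or as " at ", the form in the quoted log.
FAIL_RE = re.compile(
    r"Failed to find (?P<service>[^/\s]+)/(?P<host>\S+?)(?:@| at )(?P<realm>[^\s(]+)"
    r"\(kvno (?P<kvno>\d+)\) in keytab (?P<keytab>\S+) \((?P<enctype>[^)]+)\)"
)

def missing_principals(log_text):
    """Return one dict per keytab miss found in smbd log text."""
    # A log message can wrap over several lines, so collapse whitespace first.
    flat = " ".join(log_text.split())
    return [m.groupdict() for m in FAIL_RE.finditer(flat)]

def spns_to_register(log_text, registered_spns):
    """Map each requested service/host that the account lacks to its miss count.

    SPNs are compared case-insensitively.
    """
    have = {spn.lower() for spn in registered_spns}
    wanted = Counter(
        f"{m['service']}/{m['host']}" for m in missing_principals(log_text)
    )
    return {spn: n for spn, n in wanted.items() if spn.lower() not in have}

# First entry: the message from the thread, wrapped. Second entry: constructed.
SAMPLE_LOG = """\
[2022/11/22 13:07:53.558416,  1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find
  cifs/FS at TLS.MSK.RU(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2022/11/22 13:09:10.000000,  1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find
  cifs/FS@TLS.MSK.RU(kvno 2) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
"""

# Constructed: SPNs assumed to be on the SVFSP machine account already.
REGISTERED = ["HOST/SVFSP", "cifs/SVFSP"]

if __name__ == "__main__":
    for spn, count in spns_to_register(SAMPLE_LOG, REGISTERED).items():
        print(f"{spn}: requested {count} time(s), not on the account")
```

Each reported name is a candidate for the `samba-tool spn add` step suggested in the second message.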