samba - Jan 2023 - Upgrading from Samba 4.8.2 to 4.15.5

On 1/31/23 02:13, Michael Tokarev via samba wrote:
> 31.01.2023 08:55, Matt Savin via samba ?????:
>> In group policies use DNS aliases, then you'll need to change only
DNS
>> entries for these aliases to point to a new host(s).
>
> I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs
> instead
> (see samba-tool spn). This will manage CNAMEs too, and also manages 
> the KRB
> tickets and proper autentication of the server to the client.
> (After changing SPNs for a host, one needs to re-generate keytab).
>
> /mjt
>
Great suggestion! I'll have to investigate that.

1.01.2023 10:13, Michael Tokarev ?????:
> I'd say don't use simple dns aliases (cnames) in a DC, but use SPNs
> instead
In an AD Domain I mean, not in a DC.

/mjt

This bit is confusing. The DNS runs on the DC, so what do you mean "not 
in a DC"?

--Mark

31.01.2023 18:33, Mark Foley via samba wrote:
> 1.01.2023 10:13, Michael Tokarev wrote:
>> I'd say don't use simple dns aliases (cnames) in a DC, but use
SPNs instead
> 
> In an AD Domain I mean, not in a DC.
> This bit is confusing. The DNS runs on the DC, so what do you mean
"not in a DC"?
I wanted to write "don't use simple DNS aliases in an AD", - but I
wrote "in a DC"
instead. The second email meant to correct that typo.

/mjt