search for: serviceprincipalname

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 ser...

Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: Hi, Mathias and all thank you for your answer. > Hi all, > > SPN = servicePrincipalName > > A simple search returning all servicePrincipalName declared in your AD: > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname > For me: ldbsearch -H /var/lib/samba/private/sam.ldb serviceprincipalname=* serviceprincipalname > An extract from result concerning a lambda...

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname > > For me: > ldbsearch -H > /var/lib/samba/private/sam.ldb serviceprincipalname=* serviceprincipalname > [...] Than...

...nks & explanation > According to that and because I have no idea what is DATEV_DBENGINE "DATEV_DBENGINE" This is from an Programm called "Datev...", installed local on this pc. It`s db is stored in local Microsoft-SQL. But yes, its seems curios, that this is added to the servicePrincipalname If i understand it`s syntax right, there should be eventually a portnumber, but maybe this is the local accountname for this service. > dn: CN=PCNAME,CN=Computers,DC=... > changetype: modify > add: servicePrincipalName > servicePrincipalName: MSSQLSvc/PCNAME.ad-dom.domain.tld:<some...

....example.com at EXAMPLE.COM from > ipv4:192.168.0.115:41751 for krbtgt/EXAMPLE.COM at EXAMPLE.COM expr: > (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM)) > expr: (&(objectClass=user)(samAccountName=root/hostname.example.com)) > expr: > (&(servicePrincipalName=root/hostname.example.com)(objectClass=user)) > userPrincipalName: host/hostname.example.com at EXAMPLE.COM > servicePrincipalName: host/hostname.example.com servicePrincipalName: > nfs/hostname.example.com servicePrincipalName: > HTTP/hostname.example.com servicePrincipalName: > roo...

On Sun, 2 Oct 2016 22:01:32 -0600 "Paul R. Ganci via samba" <samba at lists.samba.org> wrote: > > > On 10/02/2016 07:57 PM, Paul R. Ganci via samba wrote: > > > > > > On 10/02/2016 06:15 PM, Paul R. Ganci via samba wrote: > >> On 09/11/2016 10:38 AM, Paul R. Ganci via samba wrote: > >> > >>> On 09/11/2016 01:23 AM, Rowland

...) mschap: Client is using MS-CHAPv2 > > > > Is this set as a UPN (with the realm appended) on the user? > > > In my environment (where samba + freeradius + wifi connect with > machine account works), there is no UPN set on the machine account, > just a set of SPNs: > servicePrincipalName: HOST/myhost.example.com > servicePrincipalName: RestrictedKrbHost/myhost.example.com > servicePrincipalName: HOST/MYHOST > servicePrincipalName: RestrictedKrbHost/BARTOK > servicePrincipalName: WSMAN/myhost.example.com > servicePrincipalName: WSMAN/myhost > servicePrincipalName:...

I'm not an expert, especially when it comes to servicePrincipalName which I haven't understood until now but I think it is safe to give an object the right to modify itself. If securing is one of your main concern, you could try to remove the possibility to that account to modify itself, once the servicePrincipalName is created. Doing that SPN should NOT be re...

...PLE.COM from >> ipv4:192.168.0.115:41751 for krbtgt/EXAMPLE.COM at EXAMPLE.COM expr: >> (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM)) >> expr: (&(objectClass=user)(samAccountName=root/hostname.example.com)) >> expr: >> (&(servicePrincipalName=root/hostname.example.com)(objectClass=user)) >> userPrincipalName: host/hostname.example.com at EXAMPLE.COM >> servicePrincipalName: host/hostname.example.com servicePrincipalName: >> nfs/hostname.example.com servicePrincipalName: >> HTTP/hostname.example.com servicePrincip...

...EQ root/hostname.example.com at EXAMPLE.COM from ipv4:192.168.0.115:41751 for krbtgt/EXAMPLE.COM at EXAMPLE.COM expr: (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM)) expr: (&(objectClass=user)(samAccountName=root/hostname.example.com)) expr: (&(servicePrincipalName=root/hostname.example.com)(objectClass=user)) userPrincipalName: host/hostname.example.com at EXAMPLE.COM servicePrincipalName: host/hostname.example.com servicePrincipalName: nfs/hostname.example.com servicePrincipalName: HTTP/hostname.example.com servicePrincipalName: root/hostname.exam...

...n I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as reported by the domain join command above, I have > five duplicates 'for index on servicePrincipalName', plus 107 > duplicates for index on a custom LDAP attribute I am using. If there's > a correct way I can step through these one by one, and remove the > duplicates, I am happy to try... I guess ldbedit does carry some level of risk with it, but I can't seem to add any DCs to...

...t (TGT), the machine makes a TGS-REQ to the same DC. However, instead of receiving the TGS-REP, the machine receives an error from the DC stating that the principal could not be found. How is that happening? Isn't the principal just "root/host.example.com"? I can verify that the "servicePrincipalName" attribute for that computer object has "root/host.example.com" listed. Isn't the TGS-REQ authenticated by the ticket response (AS-REP)? What could make the ticket included in the AS-REP instantly invalid? Any insights would be appreciated. Thanks,

...icename* *serviceclass* and *host* are required, but *port* and *service* name are optional. The colon between *host* and *port* is only required when a *port* is present. According to that and because I have no idea what is DATEV_DBENGINE dn: CN=PCNAME,CN=Computers,DC=... changetype: modify add: servicePrincipalName servicePrincipalName: MSSQLSvc/PCNAME.ad-dom.domain.tld:<some port number> And I would also add a second SPN using NETBIOS name of PCNAME rather than FQDN, which gives us: servicePrincipalName: MSSQLSvc/PCNAME:<some port number> Adding both SPN you have two unique name for your SPN a...

...supdate: A server1.domain.name.com.au 0.0.0.0 : [Errno 2] No >> such file >> >> or directory >> >> 0.0.0.0 is, for me, "all addresses". It is used by netstat, ip... using A.B.C.D or a fake address should limit confusion :) This said it sounds like a SPN (servicePrincipalName) could be missing on your DC1's LDAP object. Once more, ldbsearch: ldbsearch -H $sam cn=dc208 servicePrincipalName # record 1 dn: CN=DC208,OU=Domain Controllers,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/DC208 servicePrincipalName: HOST/dc208.ad.domain.tld servicePrincipalName: GC/dc208...

...1/2017 14:09:28 PROXY2$@REALM (arcfour-hmac)   Now why is the HTTP now http. some spn's need CAPS, some not. squid needs HTTP/ not http..  :-(   when i now check in windows, user manager, goto the computer and (OU=Computers) on the Attribute Editor tab, in the Attributes list, select servicePrincipalName, and then click Edit.   i seeing here:   HOST/PROXY2 HOST/proxy2.internal.domain.tld http/proxy2 HTTP/PROXY2 http/proxy2.internal.domain.tld HTTP/proxy2.internal.domain.tld nfs/proxy2 nfs/proxy2.internal.domain.tld   now why is there a http and HTTP while this didnt happen with the nf...

...als LDAP Explorer (ADExplorer.exe) to change the entry in ActiveDirectory to remove any reference to localhost. Unless i changed /etc/hosts to not have rmonster in "127.0.0.1 localhost.localdomain localhost rmonster", deleted from WinAD and rejoined. dNSHostName: rmonster.snslatc.hp.com servicePrincipalName: CIFS/rmonster.snslatc.hp.com servicePrincipalName: CIFS/rmonster servicePrincipalName: HOST/rmonster.snslatc.hp.com servicePrincipalName: HOST/rmonster Is the line "servicePrincipalName: CIFS/rmonster.snslatc.hp.com" only required when you want your Linux box shares to show to other cli...

...t,CN=FICHDC,OU=Domain Controllers,DC=net,DC=lyc-gui llaume-fichet,DC=ac-grenoble,DC=fr serverReferenceBL: CN=FICHDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN =Configuration,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr msDS-SupportedEncryptionTypes: 31 pwdLastSet: 131423563752421340 servicePrincipalName: nfs/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr servicePrincipalName: HOST/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr servicePrincipalName: HOST/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr/FICH NET servicePrincipalName: ldap/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr/FICH NET servi...

...tings,CN=SBSSRV,CN=Servers,CN=K26,CN=Sites,CN=Configuration,DC=domain,DC=local TransportType: RPC options: 0x00000001 Warning: No NC replicated for Connection! Searching in LDAP: root at adsrvs9:/usr/local# ldbsearch -H ldap://sbssrv -Uadministrator%xxx |grep ldap servicePrincipalName: ldap/sbssrv.domain.local/ForestDnsZones.domain.local servicePrincipalName: ldap/sbssrv.domain.local/DomainDnsZones.domain.local servicePrincipalName: ldap/ebc03070-b2fb-48da-9ea8-5a7c7579ec3f._msdcs.domain servicePrincipalName: ldap/sbssrv.domain.local/DOMAIN servicePrincipalName: ldap/SBSSRV serv...

...ers,DC=net,DC=lyc-gui > llaume-fichet,DC=ac-grenoble,DC=fr > serverReferenceBL: CN=FICHDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN > =Configuration,DC=net,DC=lyc-guillaume-fichet,DC=ac-grenoble,DC=fr > msDS-SupportedEncryptionTypes: 31 > pwdLastSet: 131423563752421340 > servicePrincipalName: nfs/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr > servicePrincipalName: HOST/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr > servicePrincipalName: HOST/fichdc.net.lyc-guillaume-fichet.ac-grenoble.fr/FICH > NET > servicePrincipalName: ldap/fichdc.net.lyc-guillaume-fichet.ac-grenobl...

> Hi, > > Try to add "rdns = false" in krb5.conf on SERVER1. > Hi Mathias, Thanks for your reply I have tried that option but same issues. This is getting worst now. Not sure what else to do, any other test/changes you advise me to do? Right now I'm out of ideas. > > 2016-06-21 13:36 GMT+02:00 Juan Garcia <juan at ish.com.au > <mailto:juan at