search for: serviceprincipalnames

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld

Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: Hi, Mathias and all thank you for your answer. > Hi all, > > SPN = servicePrincipalName > > A simple search returning all servicePrincipalName declared in your AD: > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname > For me: ldbsearch -H /var/lib/samba/private/sam.ldb serviceprincipalname=*

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

...ePrincipalName" This added this required line to sam.ldb: servicePrincipalName: MSSQLSvc/PCNAME.domain.domain.domain.de:DATEV_DBENGIN E Failures in the logs are gone, so this could be the way to fix this. In terms of security i`m unsure, if it`s a good way, to give an machine rights to add servicePrincipalNames ? I am also unclear, why local service should register himself in active- directory, The easiest could be to disable this behaviour complete -if possible.. > Best regards, > > mathias > Greetings Markus > 2016-03-24 9:51 GMT+01:00 Markus Dellermann <li-mli at gmx.net>: &g...

On Thu, 12 Oct 2017 13:28:40 -0500 (CDT) Mike Ray <mray at xes-inc.com> wrote: > ----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: > > > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org > > wrote: > > > >> On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) > >> Andrew Martin <amartin at xes-inc.com> wrote: >

On Sun, 2 Oct 2016 22:01:32 -0600 "Paul R. Ganci via samba" <samba at lists.samba.org> wrote: > > > On 10/02/2016 07:57 PM, Paul R. Ganci via samba wrote: > > > > > > On 10/02/2016 06:15 PM, Paul R. Ganci via samba wrote: > >> On 09/11/2016 10:38 AM, Paul R. Ganci via samba wrote: > >> > >>> On 09/11/2016 01:23 AM, Rowland

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap:

...quired line to sam.ldb: > servicePrincipalName: MSSQLSvc/PCNAME.domain.domain.domain.de: > DATEV_DBENGIN > E > > Failures in the logs are gone, so this could be the way to fix this. > In terms of security i`m unsure, if it`s a good way, to give an machine > rights > to add servicePrincipalNames ? > > > I am also unclear, why local service should register himself in active- > directory, > The easiest could be to disable this behaviour complete -if possible.. > > Best regards, > > > > mathias > > > Greetings > > Markus > > > 2016-03-2...

----- On Oct 12, 2017, at 1:52 PM, samba samba at lists.samba.org wrote: > On Thu, 12 Oct 2017 13:28:40 -0500 (CDT) > Mike Ray <mray at xes-inc.com> wrote: > >> ----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: >> >> > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org >> > wrote: >> > >>

----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org wrote: > >> On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) >> Andrew Martin <amartin at xes-inc.com> wrote: >> >> > > Rowland- > > I've been poking at this more and think the root of the problem is a

Hi, Does anyone have experience of using ldbedit or similar, to remove the duplicates below? (Is that even the right way for me to go?) Can I perhaps query something using ldbsearch, to find the duplicates, before using ldbedit? On Sun, 18 Nov 2018 at 21:37, Jonathan Hunter <jmhunter1 at gmail.com> wrote: > [...] > In my database, as reported by the domain join command above, I have

----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org wrote: > On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) > Andrew Martin <amartin at xes-inc.com> wrote: > > Rowland- I've been poking at this more and think the root of the problem is a Kerberos problem. After joining this machine to the domain, it goes through a process that it calls "AD/Kerberos

Hi, I'm glad that helped you : ) About SPN, I found that link few days ago: https://adsecurity.org/?page_id=183 It tries to list the string values available usable for SPN. And it gives also that link: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx That one is a technet paper to explain SPNs. I tried to read it but

2016-07-04 4:40 GMT+02:00 Juan Garcia <juan at ish.com.au>: > Hi, >> >> Try to add "rdns = false" in krb5.conf on SERVER1. >> >> Hi Mathias, > > Thanks for your reply I have tried that option but same issues. This is > getting worst now. Not sure what else to do, any other test/changes you > advise me to do? Right now I'm out of ideas.

Hai,   I noticed something strange in the keytab file on my member server. This is a followup of : [Samba] winbind question. (challenge/response password authentication) Samba 4.5.3 on Debian Jessie.   Leave the domain. net ads leave -k Deleted account for 'PROXY2' in realm 'REALM'   I checked in windows, and the computer is gone in the “Computer” ou.   Removed the

Sharing my experience with SSO of Linux clients to Active Directory. Over the last 2 years or so, i had a great deal of trouble getting and _keeping_ authentication to our Win2000/Win2003 Active Directory system working from OpenSUSE and CentOS clients. ADS authentication would work until reboot, a few days, a month max. We'll see how long this lasts. Another problem was dealing with the

Thank you very much Louis, Rowland, Mike ! I have made all the changes proposed by Louis but still have the same problem. -> kinit works now with /var/lib/samba/private/secrets.keytab ------------------------ ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ ~# ------------------------ -> but samba-tool authentication with machine account fail : ------------------------ ~#

Hi there, I joined a samba 4.1.2 to a Windows 2003 SBS and have some replication error. After debugging I found this: Server ldap/ADSRVS9 at DOMAIN.LOCAL is not registered with our KDC: Miscellaneous failure (see text): Server (ldap/ADSRVS9 at DOMAIN.LOCAL) unknown when I try to check with samba-tool drs kcc -U administrator adsrvs9 -d10 "samba-tool drs showrepl" show that

2017-06-21 14:29 GMT+02:00 Prunk Dump <prunkdump at gmail.com>: > Thank you very much Louis, Rowland, Mike ! > > I have made all the changes proposed by Louis but still have the same problem. > > -> kinit works now with /var/lib/samba/private/secrets.keytab > ------------------------ > ~# kinit -k -t /var/lib/samba/private/secrets.keytab FICHDC$ > ~# >

> Hi, > > Try to add "rdns = false" in krb5.conf on SERVER1. > Hi Mathias, Thanks for your reply I have tried that option but same issues. This is getting worst now. Not sure what else to do, any other test/changes you advise me to do? Right now I'm out of ideas. > > 2016-06-21 13:36 GMT+02:00 Juan Garcia <juan at ish.com.au > <mailto:juan at