search for: serviceprinicipalname

...inding that last SPN. > However, on the TGS-REQ, it only searches for 2 of those SPNs. It is > a mystery to me why "expr: > (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM))" > does not return -- it is not explicitly listed in the > "servicePrinicipalName" attribute, but since > "root/hostname.example.com" is and "@EXAMPLE.COM" is the realm, I > would think it could figure it out. I'll keep looking into that; > however, the lack of the last SPN search seems to me to be a bug. > > Any thoughts? Yes, you s...

...eturns positively after finding that last SPN. However, on the TGS-REQ, it only searches for 2 of those SPNs. It is a mystery to me why "expr: (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM))" does not return -- it is not explicitly listed in the "servicePrinicipalName" attribute, but since "root/hostname.example.com" is and "@EXAMPLE.COM" is the realm, I would think it could figure it out. I'll keep looking into that; however, the lack of the last SPN search seems to me to be a bug. Any thoughts?

.... >> However, on the TGS-REQ, it only searches for 2 of those SPNs. It is >> a mystery to me why "expr: >> (&(objectClass=user)(userPrincipalName=root/hostname.example.com at EXAMPLE.COM))" >> does not return -- it is not explicitly listed in the >> "servicePrinicipalName" attribute, but since >> "root/hostname.example.com" is and "@EXAMPLE.COM" is the realm, I >> would think it could figure it out. I'll keep looking into that; >> however, the lack of the last SPN search seems to me to be a bug. >> >> Any t...

----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org wrote: > On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) > Andrew Martin <amartin at xes-inc.com> wrote: > > Rowland- I've been poking at this more and think the root of the problem is a Kerberos problem. After joining this machine to the domain, it goes through a process that it calls "AD/Kerberos