similar to: Join a domain, Redhat 6, and servicePrincipalName

When joining our Solaris 10 Samba 3.0.23 system to ADS via... # /usr/local/samba/bin/net ads join -U Administrator Administrator's password: Using short domain name -- ULS Failed to set servicePrincipalNames. Only NTLM authentication will be possible. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Joined

I'm not an expert, especially when it comes to servicePrincipalName which I haven't understood until now but I think it is safe to give an object the right to modify itself. If securing is one of your main concern, you could try to remove the possibility to that account to modify itself, once the servicePrincipalName is created. Doing that SPN should NOT be removed (no right to remove it)

Hi Mathias and all. Am Donnerstag, 24. März 2016, 13:26:12 CEST schrieb mathias dufresne: > Hi, > > I'm glad that helped you : ) > > About SPN, I found that link few days ago: > https://adsecurity.org/?page_id=183 > It tries to list the string values available usable for SPN. > > And it gives also that link: >

Hi, I'm glad that helped you : ) About SPN, I found that link few days ago: https://adsecurity.org/?page_id=183 It tries to list the string values available usable for SPN. And it gives also that link: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx That one is a technet paper to explain SPNs. I tried to read it but

Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: Hi, Mathias and all thank you for your answer. > Hi all, > > SPN = servicePrincipalName > > A simple search returning all servicePrincipalName declared in your AD: > ldbsearch -H $sam serviceprincipalname=* serviceprincipalname > For me: ldbsearch -H /var/lib/samba/private/sam.ldb serviceprincipalname=*

Hi again, Am Montag, 14. März 2016, 00:44:47 CET schrieb Markus Dellermann: > Am Donnerstag, 10. März 2016, 10:41:34 CET schrieb mathias dufresne: > Hi, Mathias and all > thank you for your answer. > > > Hi all, > > > > SPN = servicePrincipalName > > > > A simple search returning all servicePrincipalName declared in your AD: > > ldbsearch -H $sam

Hi all, SPN = servicePrincipalName A simple search returning all servicePrincipalName declared in your AD: ldbsearch -H $sam serviceprincipalname=* serviceprincipalname An extract from result concerning a lambda client: # record 41 dn: CN=win-client345,OU=Machines,DC=ad,DC=domain,DC=tld servicePrincipalName: HOST/MB38W746-0009 servicePrincipalName: HOST/MB38W746-0009.ad.domain.tld

----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org wrote: > >> On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) >> Andrew Martin <amartin at xes-inc.com> wrote: >> >> > > Rowland- > > I've been poking at this more and think the root of the problem is a

----- On Oct 12, 2017, at 1:52 PM, samba samba at lists.samba.org wrote: > On Thu, 12 Oct 2017 13:28:40 -0500 (CDT) > Mike Ray <mray at xes-inc.com> wrote: > >> ----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: >> >> > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org >> > wrote: >> > >>

Hi, I have 2 domain controllers with samba4, and i realized i have some missing spns for the second domain controller: > samba-tool spn list dc1$ dc1$ User CN=dc1,OU=Domain Controllers,DC=test,DC=pt has the following servicePrincipalName: ?? ? HOST/dc1.test.pt ?? ? HOST/dc1.test.pt/test[1] ?? ? ldap/dc1.test.pt/test[1] ?? ? GC/dc1.test.pt/test.pt[2] ?? ?

Sharing my experience with SSO of Linux clients to Active Directory. Over the last 2 years or so, i had a great deal of trouble getting and _keeping_ authentication to our Win2000/Win2003 Active Directory system working from OpenSUSE and CentOS clients. ADS authentication would work until reboot, a few days, a month max. We'll see how long this lasts. Another problem was dealing with the

On Tue, 2023-04-04 at 09:37 +0200, Kees van Vloten wrote: > Op 04-04-2023 om 00:32 schreef Andrew Bartlett: > > > > > On Mon, 2023-04-03 at 15:08 +0000, Tim ODriscoll via samba wrote: > > > > > Unfortunately it's still erroring out: > > > (7) mschap: Creating challenge hash with username: host/SL-6S4BBS3.MYDOMAIN.co.uk > > > (7) mschap:

On Thu, 12 Oct 2017 13:28:40 -0500 (CDT) Mike Ray <mray at xes-inc.com> wrote: > ----- On Oct 11, 2017, at 5:56 PM, samba samba at lists.samba.org wrote: > > > ----- On Oct 10, 2017, at 12:02 PM, samba samba at lists.samba.org > > wrote: > > > >> On Tue, 10 Oct 2017 11:28:09 -0500 (CDT) > >> Andrew Martin <amartin at xes-inc.com> wrote: >

Following up on this post for the benefit of the archives, I don't want to be another DenverCoder9! [1] I believe I have fixed this issue now (although I am at a loss to explain how it occurred in the first place). Hopefully I correctly figured out what SPNs should be present against each machine - I'm not an expert in this area, but am describing the process I went through below in the

I am using samba as a domain member for A W2K Domain. The purpose is provide storage services to Unix and W2K Metaframe Servers using kerberos authentication. ( So we are using Samba 3.0 from a while and SUN NFS with kerberos in the same storage - but no sharing locks as Veritas products offer ). so I used the net command: net ads join This command creted a samba3.0 computer account in

On Fri, 16 Sep 2016 22:43:42 +0200 Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: > > Achim Gottinger via samba wrote on 9/15/16 1:20 AM: > >> > >> > >> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba: > >>> On Wed, 14 Sep 2016 16:23:27 -0500 >

Hi everyone, samba-tool dbcheck --reindex Re-indexing... ../ldb_tdb/ldb_index.c:2352: duplicate attribute value in CN=WSTEST,OU=vm,OU=computers,OU=test,DC=ad,DC=test,DC=it for index on servicePrincipalName, duplicate of objectGUID 4c723426-73f8-4991-bf95-88eb57840c2c in @INDEX:SERVICEPRINCIPALNAME:TERMSRV/WSTEST.AD.TEST.IT Looking at the computer entry, I indeed have thoses two SPN (notice

Hello All. I am using Samba AD DC and Linux server with Squid, and I try to configure kerberos authentication for proxy server users. I need to add SPN for user and then export keytab with it to file. I am add user with RSAT and add SPN for it with samba-tool (like https://wiki.samba.org/index.php/Generating_Keytabs): -------------------- root at ad41:/# samba-tool spn list proxy proxy User

On Fri, 16 Sep 2016 23:02:20 +0200 Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba: > > On Fri, 16 Sep 2016 22:43:42 +0200 > > Achim Gottinger via samba <samba at lists.samba.org> wrote: > > > >> > >> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba: >

Hello, I've got some log entries like these on our DCs: Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] account[db1$] hostname[(null)] nbname[mydom] ntds[(null)] forest[mydom.lan] domain[mydom.lan] At first I thought it was about missing SPN entries, but adding these did not resolve the problem: # samba-tool