Web lists-archives.com

Re: [Samba] kerberos issue (SPN not found) with windows Hyper-V ( samba 4.5.3 AD)




To be more precise, live migration works, but only when started directly from the hyper-v that I'm directly logged into (via RDP for example), as in: logged into host A, I can live migrate from host A to host B, to migrate the other way round I have to log into host B first and start migration there.

Bug must be somewhere within kerberos constrained delegation or maybe it's still connected to the weird hyper-v SPN's (weird as in: with whitespaces within their names) and my proposed workaround to get anything started (hyper-v replica and live migration with aforementioned limitations).

I've tried to read up more on possible causes for the kerberos error, but I'm too much of a newbie to have any chance to truly understand what's not working. Or even if it's supposed to work at all.

Anyway I made a further test and I created a simple 2 node Hyper-V failover cluster on top of those hyper-v hosts used earlier, and within the cluster live migration works perfectly in every direction imagined (when using failover cluster manager, I can live migrate VM from host a to host b, then directly from host b to host a without changing machines i'm logged into), but then again it is overall a lot complicated solution which I'm not ready to use in production yet.

Overall some issues I did manage to solve, so I guess that's that. :-)


W dniu 2017-03-19 o 21:18, Luke Bigum via samba pisze:
Hello,

This won't be a very helpful reply, but I can confirm I've had the exact same issue. I ran into this a few years ago and could not get HyperV migrations to work with a Samba DC. I even went so far as to install a Windows DC just to prove to myself that it is supposed to work, and it does, perfectly (with ADDC it even creates all the SPNs for you auto-magically).

Unfortunately at the time I was focused on a Windows VM Disaster Recovery problem, so ended up dropping HyperV entirely in favour of KVM and DRBD. As such, I never raised a bug with Samba or Catalyst about this - I probably should have :-/ Sorry I can't be of more help other than to add my voice to "there is  a bug somewhere in Samba".



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba