Re: [Samba] Server not found in Kerberos database trying to ssh a into a linux server joined to an AD domain
- Date: Mon, 17 Jul 2017 09:19:23 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Server not found in Kerberos database trying to ssh a into a linux server joined to an AD domain
> > >
> > As far as I am aware, your AD realm must be the same as your dns
> > domain (not to be confused with a NetBIOS domain name), so I don't
> > think this is going to work as is.
AD REALM and DNS Domain are 2 different things.
You can have multiple DNS domains with other names than the REALM domains.
But it's more complex to configure.
> > Your other problem: neither sssd or adcli are Samba products and as
> > you are using them, you are asking in the wrong place, try the
> > sssd-users mailing list.
> > Rowland
> Thanks for the reply.
> Ok, I think I got a workaround. By adding a suffix ("_L") to
> the netbios name of servera.foo.bar the problem goes away.
> But I am still curious.
> Regardless if it's linux or windows clients, I can arrive at
> the same problem by only using pdbedit and samba-tool on one
> of the DCs to create computer accounts and SPNs. And I think,
> I am doing nothing illegal.
> I haven't looked at the code but to me it seems like whatever
> builds the ldb query I mentioned above assumes that the cn of
> a computer account (which is the netbios name) always is the
> hostname. Which might not be true.
> Can anybody comment on that?
adcli join?
If this works the same as msktutil, which creates a user and sets the needed options, then your real hostname and "joined_hostname" are different.
But same here, I don't know SSSD; you might need to ask the sssd list.