
Re: [Samba] Server not found in Kerberos database trying to ssh into a linux server joined to an AD domain




On Mon, 17 Jul 2017 08:48:04 +0200
André Welter via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Thanks for the reply.
> 
> Ok, I think I got a workaround. By adding a suffix ("_L") to the
> netbios name of servera.foo.bar the problem goes away.

Glad you found a workaround, not sure if it is going to work in the
long term though.

> 
> But I am still curious.
> 
> Regardless if it's linux or windows clients, I can arrive at the same
> problem by only using pdbedit and samba-tool on one of the DCs to
> create computer accounts and SPNs. And I think, I am doing nothing
> illegal.

You probably can use pdbedit to pre-create a machine account, but I
wouldn't, but there is no code in samba-tool to do this.
 
> 
> I haven't looked at the code but to me it seems like whatever builds
> the ldb query I mentioned above assumes that the cn of a computer
> account (which is the netbios name) always is the hostname. Which
> might not be true. Can anybody comment on that?
> 

Why wouldn't you want the 'cn' to be the hostname of the computer?
This is the way that the Samba tools create machine accounts when the
join occurs.

Rowland

