
Re: [Samba] added spn and exported keytab not match




30.11.2017 14:00, Rowland Penny via samba wrote:

>> I added a user with RSAT and added an SPN for it with samba-tool (like
>> https://wiki.samba.org/index.php/Generating_Keytabs):
>> --------------------
>> root@ad41:/# samba-tool spn list proxy
>> proxy
>> User CN=proxy,CN=Users,DC=dc,DC=S****,DC=ru has the following
>> servicePrincipalName:
>>            HTTP/proxy.S****.ru@DC.S****.RU
>>            host/proxy.S****.ru@DC.S****.RU
>
> I am not an expert on squid by any means, but you seem to be adding
> SPNs meant for a computer account to a user account, i.e.
> 'proxy.S****.ru' would be a FQDN.
> Also, the 'S****.ru' should be 'dc.s****.ru'.

Thanks for the idea. Here:

DC.S****.RU is the Kerberos realm and domain name.

proxy.s***.ru is the hostname of the proxy server with squid.
It is NOT joined to the domain.
The hostname is a FQDN, but not in the dc.s****.ru zone.

(There are some servers not joined to the domain that have FQDNs in the s****.ru zone, and some workstations and servers joined to the domain in the dc.s****.ru zone.)

On servers not joined to the domain, their own DNS servers are configured, not the ADDC ones.

Is there a possibility to configure Kerberos auth without joining the server to the domain and using the ADDC DNS servers?

> I think you are going to have to wait until Louis gets over the flu, he
> is the expert on squid ;-)

I saw this sad news, and best wishes to him too ;)

--
Mike

