Web lists-archives.com

Re: [Samba] [Curiosity] 'netbios aliases' works in AD mode?




On Wed, 2017-12-06 at 11:19 +0100, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
>   In chel di` si favelave...
> 
> > > We haved used it on a domain member server, yes.
> > > Only one thing: when you have a compteraccount memberserver$ in your AD, 
> > > you cannot use "memberserver" as an alias on another machine)
> > 
> > And you should register any such alias as a servicePrincpalName.
> 
> Ahem, looking at the wiki ad google does not help me.
> 
> 
> Supposing to have a DM like 'vdmsv1.ad.fvg.lnf.it', and i need to
> create an alias 'file', i need to add 'file' to 'netbios aliases' and
> also do something like:
> 
> 	samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it
> 
> 
> This lead me to another question: in this way, aliases are ''domain
> wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> another DM aliased 'file' in another LAN, as was used before with NT
> like domains (two different domains).

Correct, you can't use the different netbios namespaces to do that. 
Not that real NT4 allowed different netbios namespaces either, but all
sorts of games were possible (I've done that myself back in the day
with Samba).  

You can't even use DNS search paths on the clients and then fully
qualfied aliases as the client will ask for a ticket for exactly the
name stated, not the FQDN as this avoids in-secure DNS being an attack
point. 

I hope this clarifies things,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba