> > This lead me to another question: in this way, aliases are ''domain
> > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > another DM aliased 'file' in another LAN, as was used before with NT
> > like domains (two different domains).

> Correct, you can't use the different netbios namespaces to do that. 
> Not that real NT4 allowed different netbios namespaces either, but all
> sorts of games were possible (I've done that myself back in the day
> with Samba).  

Good to know. Thanks.

> You can't even use DNS search paths on the clients and then fully
> qualfied aliases as the client will ask for a ticket for exactly the
> name stated, not the FQDN as this avoids in-secure DNS being an attack
> point. 

Mmmhhh... i try to do an example.

Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it'
in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in
LAN 2.

If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2
'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked
for 'vdmsv1.ad.fvg.lnf.it' and 'vdmpp1.ad.fvg.lnf.it'. Right?

> I hope this clarifies things,

Sure, but... really i don't found many examples about 'spn add' and so
i'm still on doubt. This is right?

> > Supposing to have a DM like 'vdmsv1.ad.fvg.lnf.it', and i need to
> > create an alias 'file', i need to add 'file' to 'netbios aliases' and
> > also do something like:
> > 
> > 	samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it


