Web lists-archives.com

[Samba] Failed to modify SPNs




Hello,

I've got some log entries like these on our DCs:

Failed to modify SPNs on CN=db1,CN=Computers,DC=mydom,DC=lan: acl: spn validation failed for spn[TERMSRV/DB1.MYDOM] uac[0x1000] account[db1$]
hostname[(null)] nbname[mydom] ntds[(null)] forest[mydom.lan] domain[mydom.lan]

At first I thought it was about missing SPN entries, but adding these did not resolve the problem:

# samba-tool spn list db1$
db1$
User CN=db1,CN=Computers,DC=mydom,DC=lan has the following servicePrincipalName: 
         TERMSRV/db1
         TERMSRV/db1.mydom
         TERMSRV/db1.mydom.lan


Samba is 4.7.8 and one DC with 4.8.3.

Any ideas?

KInd Regards,

Henry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba