[Curiosity] 'netbios aliases' works in AD mode?

[Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list

As stated in subject.

I suppose in 'DC mode' no, but as DM i can define an alias for the
machine?

Looking at:

        https://bugzilla.samba.org/show_bug.cgi?id=1703

seems 'yes' to me...


Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
We have used it on a domain member server, yes.

Only one thing: when you have a computer account memberserver$ in your AD,
you cannot use "memberserver" as an alias on another machine.

MJ

On 12/05/2017 04:00 PM, Marco Gaiarin via samba wrote:

>
> As stated in subject.
>
> I suppose in 'DC mode' no, but as DM i can define an alias for the
> machine?
>
> Looking at:
>
> https://bugzilla.samba.org/show_bug.cgi?id=1703
>
> seems 'yes' to me...
>
>
> Thanks.
>


Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
On Tue, 2017-12-05 at 16:14 +0100, mj via samba wrote:
> We have used it on a domain member server, yes.
>
> Only one thing: when you have a computer account memberserver$ in your AD,
> you cannot use "memberserver" as an alias on another machine.

And you should register any such alias as a servicePrincipalName.

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! mj via samba
  On that day it was said...

> Only one thing: when you have a computer account memberserver$ in your AD, you
> cannot use "memberserver" as an alias on another machine.

Ok, thanks for the note.

Anyway, no: i only need to define some ''common'' service names (FILE,
CUPS, ...) so i don't need to rewrite so many scripts. ;)

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! Andrew Bartlett via samba
  On that day it was said...

> > We have used it on a domain member server, yes.
> > Only one thing: when you have a computer account memberserver$ in your AD,
> > you cannot use "memberserver" as an alias on another machine.
> And you should register any such alias as a servicePrincipalName.

Ahem, looking at the wiki and google does not help me.


Supposing to have a DM like 'vdmsv1.ad.fvg.lnf.it', and i need to
create an alias 'file', i need to add 'file' to 'netbios aliases' and
also do something like:

        samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it


This lead me to another question: in this way, aliases are ''domain
wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
another DM aliased 'file' in another LAN, as was used before with NT
like domains (two different domains).

Right?

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
On Wed, 2017-12-06 at 11:19 +0100, Marco Gaiarin via samba wrote:

> Hello! Andrew Bartlett via samba
>   On that day it was said...
>
> > > We have used it on a domain member server, yes.
> > > Only one thing: when you have a computer account memberserver$ in your AD,
> > > you cannot use "memberserver" as an alias on another machine.
> >
> > And you should register any such alias as a servicePrincipalName.
>
> Ahem, looking at the wiki and google does not help me.
>
>
> Supposing to have a DM like 'vdmsv1.ad.fvg.lnf.it', and i need to
> create an alias 'file', i need to add 'file' to 'netbios aliases' and
> also do something like:
>
> samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it
>
>
> This lead me to another question: in this way, aliases are ''domain
> wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> another DM aliased 'file' in another LAN, as was used before with NT
> like domains (two different domains).

Correct, you can't use the different netbios namespaces to do that.
Not that real NT4 allowed different netbios namespaces either, but all
sorts of games were possible (I've done that myself back in the day
with Samba).  

You can't even use DNS search paths on the clients and then fully
qualified aliases as the client will ask for a ticket for exactly the
name stated, not the FQDN as this avoids insecure DNS being an attack
point.

I hope this clarifies things,

Andrew Bartlett

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! Andrew Bartlett via samba
  On that day it was said...

> > This lead me to another question: in this way, aliases are ''domain
> > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > another DM aliased 'file' in another LAN, as was used before with NT
> > like domains (two different domains).

> Correct, you can't use the different netbios namespaces to do that.
> Not that real NT4 allowed different netbios namespaces either, but all
> sorts of games were possible (I've done that myself back in the day
> with Samba).  

Good to know. Thanks.


> You can't even use DNS search paths on the clients and then fully
> qualified aliases as the client will ask for a ticket for exactly the
> name stated, not the FQDN as this avoids insecure DNS being an attack
> point.

Mmmhhh... i try to do an example.

Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it'
in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in
LAN 2.

If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2
'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked
for 'vdmsv1.ad.fvg.lnf.it' and 'vdmpp1.ad.fvg.lnf.it'. Right?


> I hope this clarifies things,

Sure, but... really i don't found many examples about 'spn add' and so
i'm still on doubt. This is right?

> > Supposing to have a DM like 'vdmsv1.ad.fvg.lnf.it', and i need to
> > create an alias 'file', i need to add 'file' to 'netbios aliases' and
> > also do something like:
> >
> > samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it

Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
On Thu, 2017-12-07 at 10:48 +0100, Marco Gaiarin via samba wrote:

> Hello! Andrew Bartlett via samba
>   On that day it was said...
>
> > > This lead me to another question: in this way, aliases are ''domain
> > > wide'' right? Eg, i cannot have a DM aliased 'file' in a LAN and
> > > another DM aliased 'file' in another LAN, as was used before with NT
> > > like domains (two different domains).
> > Correct, you can't use the different netbios namespaces to do that.
> > Not that real NT4 allowed different netbios namespaces either, but all
> > sorts of games were possible (I've done that myself back in the day
> > with Samba).  
>
> Good to know. Thanks.
>
>
> > You can't even use DNS search paths on the clients and then fully
> > qualified aliases as the client will ask for a ticket for exactly the
> > name stated, not the FQDN as this avoids insecure DNS being an attack
> > point.
>
> Mmmhhh... i try to do an example.
>
> Supposing we have 'vdmsv1.ad.fvg.lnf.it' aliased with 'file.sv.lnf.it'
> in LAN 1, and 'vdmpp1.ad.fvg.lnf.it' aliased with 'file.pp.lnf.it' in
> LAN 2.
>
> If client in LAN 1 have 'sv.lnf.it' in search path, and in LAN 2
> 'pp.lnf.it', i cannot alias 'file' on both because the ticket get asked
> for 'vdmsv1.ad.fvg.lnf.it' and 'vdmpp1.ad.fvg.lnf.it'. Right?

No, it will ask for 'file'.  If the servicePrincipalName is not unique,
the lookup will fail.

Andrew Bartlett

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! Andrew Bartlett via samba
  On that day it was said...

> No, it will ask for 'file'.  If the servicePrincipalName is not unique,
> the lookup will fail.

OK. Thanks.


Sorry again, but really i don't find examples for SPN definition. The
commandline:

        samba-tool spn add host/vdmsv1.ad.fvg.lnf.it file.ad.fvg.lnf.it

is correct to define alias 'FILE' for domain member 'vdmsv1'?


Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list

Ahem no one reply me.


A little fast-rewind: i need to have some 'aliases' to my servers (DM);
seems i need to add in smb.conf:

 netbios aliases = FILESV

but also add a 'SPN'; trying to look around for an examples, lead me to
''nothing'', or to examples that seems to me unrelated.

Supposing the domain is 'ad.fvg.lnf.it' and the FQDN of the real host
is 'vdmsv1.ad.fvg.lnf.it', i need to do:

> samba-tool spn add host/vdmsv1.ad.fvg.lnf.it filesv.ad.fvg.lnf.it

Right?! Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list

> Ahem no one reply me.

Still no feedback. I've done some test by myself.

a) i've added in smb.conf:

        netbios aliases = CUPSSV FILESV

b) i've registered the alias as SPNs, now i've:

        root@vdcsv1:~# samba-tool spn list vdmsv1$
        vdmsv1$
        User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName:
                 HOST/VDMSV1
                 HOST/vdmsv1.ad.fvg.lnf.it
                 HOST/filesv.ad.fvg.lnf.it
                 HOST/FILESV
                 HOST/CUPSSV
                 HOST/cupssv.ad.fvg.lnf.it

(for google, the correct commandline seems:
        samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vdmsv1$
)

c) still does not work; if i browse the network i can see the 'FILESV'
 host/server, but i cannot open it (give a generic/unknown error).


Could be that there's no DNS records?

        root@vdcsv1:~# host filesv.ad.fvg.lnf.it
        Host filesv.ad.fvg.lnf.it not found: 3(NXDOMAIN)

I've to add that, via 'samba-tool dns add'? I've to add 'A' records or
i can add 'CNAME'?


Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
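
An added example (not written by any poster in this thread, and not Samba project code): a Python check over the points raised so far, namely that each 'netbios aliases' name should have SPNs on the member's machine account, that an SPN held by more than one account is not unique, and that the aliases had no DNS record. The smb.conf fragment, the second account vdmpp1$ and the RESOLVABLE set are constructed sample data; expecting a short and a fully qualified HOST/ SPN per alias is an assumption taken from the listing in the post above.

```python
import re
from collections import defaultdict

# Constructed sample data modelled on the thread; not captured from a live system.
SMB_CONF = """\
[global]
    realm = AD.FVG.LNF.IT
    netbios name = VDMSV1
    netbios aliases = CUPSSV FILESV
"""

SPN_LISTS = {
    # Same shape as the 'samba-tool spn list vdmsv1$' output quoted in the post.
    "vdmsv1$": """\
vdmsv1$
User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName:
         HOST/VDMSV1
         HOST/vdmsv1.ad.fvg.lnf.it
         HOST/filesv.ad.fvg.lnf.it
         HOST/FILESV
         HOST/CUPSSV
         HOST/cupssv.ad.fvg.lnf.it
""",
    # Hypothetical second member that also claims the FILESV alias.
    "vdmpp1$": """\
vdmpp1$
User CN=VDMPP1,OU=Computers,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName:
         HOST/VDMPP1
         HOST/vdmpp1.ad.fvg.lnf.it
         HOST/FILESV
""",
}

# Names assumed to resolve in DNS (constructed; the post shows NXDOMAIN for filesv).
RESOLVABLE = {"vdmsv1.ad.fvg.lnf.it", "vdmpp1.ad.fvg.lnf.it"}


def netbios_aliases(conf_text):
    """Return the names listed in 'netbios aliases' (parameter names are case-insensitive)."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and re.sub(r"\s+", " ", key.strip().lower()) == "netbios aliases":
            return [name for name in re.split(r"[,\s]+", value.strip()) if name]
    return []


def parse_spn_list(output):
    """Extract SPNs from 'samba-tool spn list' text: the service/host lines after the header."""
    spns, seen_header = [], False
    for line in output.splitlines():
        if "servicePrincipalName" in line:
            seen_header = True
        elif seen_header and "/" in line:
            spns.append(line.strip())
    return spns


def expected_spns(aliases, dns_domain, service="HOST"):
    """Short and fully qualified SPN per alias (assumed pair, as in the listing)."""
    wanted = []
    for alias in aliases:
        wanted.append(f"{service}/{alias.upper()}")
        wanted.append(f"{service}/{alias.lower()}.{dns_domain.lower()}")
    return wanted


def audit(conf_text, dns_domain, account, spn_lists, resolvable):
    """Report alias SPNs missing from `account`, SPNs held by several accounts, and aliases without DNS."""
    aliases = netbios_aliases(conf_text)
    owners = defaultdict(set)  # lower-cased SPN -> accounts that hold it
    for acct, text in spn_lists.items():
        for spn in parse_spn_list(text):
            owners[spn.lower()].add(acct)
    fqdns = [f"{a.lower()}.{dns_domain.lower()}" for a in aliases]
    return {
        "missing_spns": [s for s in expected_spns(aliases, dns_domain)
                         if account not in owners.get(s.lower(), ())],
        "duplicate_spns": {s: sorted(a) for s, a in owners.items() if len(a) > 1},
        "aliases_without_dns": sorted(n for n in fqdns if n not in resolvable),
    }


if __name__ == "__main__":
    for key, value in audit(SMB_CONF, "ad.fvg.lnf.it", "vdmsv1$",
                            SPN_LISTS, RESOLVABLE).items():
        print(f"{key}: {value}")
```

On a real system the SPN_LISTS texts would come from running 'samba-tool spn list' for each machine account, and RESOLVABLE from the names that 'host' resolves.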

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hi Marco,

I don't get what your goal is, sorry.. :-/

If you follow this template.
The computer name should always have an A + PTR record.
Now create a CNAME and point it to the computer name, and this one can be in any zone.
It does not have to be the primary dns zone, as long as the zones are within the kerberos domain.

On a member you have, by default: dns proxy = yes, man smb.conf for the info.
But since samba-ad-dc does not run NMBD i don't think what you're trying below is going to work.
But i think, not sure about it.

And, sorry, but can you explain a bit more what you're trying to do.
You want cups with kerberos auth? You only need the host/spn.
All i have is:
HOST/PRINT1
HOST/print1.internal.example.com


Greetz,

Louis



> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of
> Marco Gaiarin via samba
> Sent: Monday 18 December 2017 15:24
> To: [hidden email]
> Subject: Re: [Samba] [Curiosity] 'netbios aliases' works in AD mode?
>
>
> > Ahem no one reply me.
>
> Still no feedback. I've done some test by myself.
>
> a) i've added in smb.conf:
>
> netbios aliases = CUPSSV FILESV
>
> b) i've registered the alias as SPNs, now i've:
>
> root@vdcsv1:~# samba-tool spn list vdmsv1$
> vdmsv1$
> User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName:
> HOST/VDMSV1
> HOST/vdmsv1.ad.fvg.lnf.it
> HOST/filesv.ad.fvg.lnf.it
> HOST/FILESV
> HOST/CUPSSV
> HOST/cupssv.ad.fvg.lnf.it
>
> (for google, the correct commandline seems:
> samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vdmsv1$
> )
>
> c) still does not work; if i browse the network i can see the 'FILESV'
>  host/server, but i cannot open it (give a generic/unknown error).
>
>
> Could be that there's no DNS records?
>
> root@vdcsv1:~# host filesv.ad.fvg.lnf.it
> Host filesv.ad.fvg.lnf.it not found: 3(NXDOMAIN)
>
> I've to add that, via 'samba-tool dns add'? I've to add 'A' records or
> i can add 'CNAME'?
>
>
> Thanks.

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
On Mon, 18 Dec 2017 15:24:16 +0100
Marco Gaiarin via samba <[hidden email]> wrote:

>
> > Ahem no one reply me.
>
> Still no feedback. I've done some test by myself.
>
> a) i've added in smb.conf:
>
> netbios aliases = CUPSSV FILESV
>
> b) i've registered the alias as SPNs, now i've:
>
> root@vdcsv1:~# samba-tool spn list vdmsv1$
> vdmsv1$
> User CN=VDMSV1,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it has the following servicePrincipalName:
> HOST/VDMSV1
> HOST/vdmsv1.ad.fvg.lnf.it
> HOST/filesv.ad.fvg.lnf.it
> HOST/FILESV
> HOST/CUPSSV
> HOST/cupssv.ad.fvg.lnf.it
>
> (for google, the correct commandline seems:
> samba-tool spn add HOST/cupssv.ad.fvg.lnf.it vdmsv1$
> )
>
> c) still does not work; if i browse the network i can see the 'FILESV'
>  host/server, but i cannot open it (give a generic/unknown error).
>
>
> Could be that there's no DNS records?
>
> root@vdcsv1:~# host filesv.ad.fvg.lnf.it
> Host filesv.ad.fvg.lnf.it not found: 3(NXDOMAIN)
>
> I've to add that, via 'samba-tool dns add'? I've to add 'A' records or
> i can add 'CNAME'?
>
>
> Thanks.
>

I am wondering if you are mixing up netbios and dns here ?
netbios is what the earlier workgroups and NT4-style domains used to
find each other, or in other words 'network browsing'
If you are not using SMB1 (and you really shouldn't be) you will not be
using 'network browsing'.

Why do you think you need 'netbios aliases' ?

Rowland


Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! L.P.H. van Belle via samba
  On that day it was said...

> I don't get what your goal is, sorry.. :-/

And Rowland:

> Why do you think you need 'netbios aliases' ?


Simply: i was (ab)used to have, in my NT domain, some aliases for my
servers, so i can change servers (and move services) but keeping things
consistent.

Eg, all my printers are connected to \\CUPS\\<printername>, and my main
share is \\FILE\Work . Ever.
Because 'CUPS' and 'FILE' are aliases of my servers.


Some weeks ago i've asked if samba in AD mode can have server aliases,
as 'netbios aliases' had in NT mode.

Someone (Andrew, https://lists.samba.org/archive/samba/2017-December/212597.html)
reply me, 'yes', you have to set 'netbios aliases' but also add 'SPN'.


I'm simply trying to figure out how to do that, and i'm simply noted
that there's no DNS record for the aliases, as expected (ok, at least
as i expect ;).


I hope i'm clear, now.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hi Marco,

Yes, now it's clear.
Just do as i did say, and you will see it works.

Andrew is wrong here imo, you don't need netbios aliases, but CNAMES in the dns.
And if your dns is set up ok, this will work fine, i know, runs fine here.
About 70% of my hosts are accessed by CNAMES.

Key to do, A + PTR, check if kerberos works, then create CNAME.
If you access by CNAME, Kerberos will use the original hostname it points to.


Greetz,

Louis


 

> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of
> Marco Gaiarin via samba
> Sent: Monday 18 December 2017 16:24
> To: [hidden email]
> Subject: Re: [Samba] [Curiosity] 'netbios aliases' works in AD mode?
>
> Hello! L.P.H. van Belle via samba
>   On that day it was said...
>
> > I don't get what your goal is, sorry.. :-/
>
> And Rowland:
>
> > Why do you think you need 'netbios aliases' ?
>
>
> Simply: i was (ab)used to have, in my NT domain, some aliases for my
> servers, so i can change servers (and move services) but
> keeping things
> consistent.
>
> Eg, all my printers are connected to \\CUPS\\<printername>,
> and my main
> share is \\FILE\Work . Ever.
> Because 'CUPS' and 'FILE' are aliases of my servers.
>
>
> Some weeks ago i've asked if samba in AD mode can have server aliases,
> as 'netbios aliases' had in NT mode.
>
> Someone (Andrew,
> https://lists.samba.org/archive/samba/2017-December/212597.html)
> reply me, 'yes', you have to set 'netbios aliases' but also add 'SPN'.
>
>
> I'm simply trying to figure out how to do that, and i'm simply noted
> that there's no DNS record for the aliases, as expected (ok, at least
> as i expect ;).
>
>
> I hope i'm clear, now.

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
On Mon, 18 Dec 2017 16:24:23 +0100
Marco Gaiarin via samba <[hidden email]> wrote:

> Hello! L.P.H. van Belle via samba
>   On that day it was said...
>
> > I don't get what your goal is, sorry.. :-/
>
> And Rowland:
>
> > Why do you think you need 'netbios aliases' ?
>
>
> Simply: i was (ab)used to have, in my NT domain, some aliases for my
> servers, so i can change servers (and move services) but keeping
> things consistent.
>
> Eg, all my printers are connected to \\CUPS\\<printername>, and my
> main share is \\FILE\Work . Ever.
> Because 'CUPS' and 'FILE' are aliases of my servers.
>
>
> Some weeks ago i've asked if samba in AD mode can have server aliases,
> as 'netbios aliases' had in NT mode.
>
> Someone (Andrew,
> https://lists.samba.org/archive/samba/2017-December/212597.html)
> reply me, 'yes', you have to set 'netbios aliases' but also add 'SPN'.
>
>
> I'm simply trying to figure out how to do that, and i'm simply noted
> that there's no DNS record for the aliases, as expected (ok, at least
> as i expect ;).
>
>
> I hope i'm clear, now.
>

OK, NT4-style domains use netbios to find computers.
    AD domains use dns
So, my advice would be to use CNAME records in AD.

What Andrew said was correct, but netbios is on the way out, it relies
on SMB1 and the latest Win10 has this turned off by default.

Rowland


Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! Rowland Penny via samba
  On that day it was said...

> OK, NT4-style domains use netbios to find computers.
>     AD domains use dns

Ok, this is clear.


> So, my advice would be to use CNAME records in AD.
> What Andrew said was correct, but netbios is on the way out, it relies
> on SMB1 and the latest Win10 has this turned off by default.

Ok, trying to summarize: if i need a server alias:

a) for older clients (netbios/SMB1), i have to add 'netbios aliases'
 *AND* define SPN

b) for newer clients (AD/smb>1), i have to set a CNAME.


So, if i need both (for compatibility reason), i have to do both. Right?

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
On Tue, 19 Dec 2017 13:44:32 +0100
Marco Gaiarin via samba <[hidden email]> wrote:

> Hello! Rowland Penny via samba
>   On that day it was said...
>
> > OK, NT4-style domains use netbios to find computers.
> >     AD domains use dns
>
> Ok, this is clear.
>
>
> > So, my advice would be to use CNAME records in AD.
> > What Andrew said was correct, but netbios is on the way out, it
> > relies on SMB1 and the latest Win10 has this turned off by default.
>
> Ok, trying to summarize: if i need a server alias:
>
> a) for older clients (netbios/SMB1), i have to add 'netbios aliases'
>  *AND* define SPN

If you are using network browsing, you are using SMB1 (this is a BAD
idea) and you will not be using kerberos, so you will not require the
SPN.

>
> b) for newer clients (AD/smb>1), i have to set a CNAME.

Possibly

>
>
> So, if i need both (for compatibility reason), i have to do both.
> Right?

I actually think you need to update the clients to use a different
authentication method, you will probably find you don't need either
'netbios aliases' or 'CNAMEs'

Rowland




Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Only b is needed.

I'm connecting here from a win 10 to a samba 3.6.6 smb1 through a CNAME.

Greetz,

Louis


> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of
> Marco Gaiarin via samba
> Sent: Tuesday 19 December 2017 13:45
> To: [hidden email]
> Subject: Re: [Samba] [Curiosity] 'netbios aliases' works in AD mode?
>
> Hello! Rowland Penny via samba
>   On that day it was said...
>
> > OK, NT4-style domains use netbios to find computers.
> >     AD domains use dns
>
> Ok, this is clear.
>
>
> > So, my advice would be to use CNAME records in AD.
> > What Andrew said was correct, but netbios is on the way
> out, it relies
> > on SMB1 and the latest Win10 has this turned off by default.
>
> Ok, trying to summarize: if i need a server alias:
>
> a) for older clients (netbios/SMB1), i have to add 'netbios aliases'
>  *AND* define SPN
>
> b) for newer clients (AD/smb>1), i have to set a CNAME.
>
>
> So, if i need both (for compatibility reason), i have to do
> both. Right?

Re: [Curiosity] 'netbios aliases' works in AD mode?

Samba - General mailing list
Hello! L.P.H. van Belle via samba
  On that day it was said...

> Only b is needed.

OK, and 'b' works also. ;-)


Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66