Discussion:
[Samba] GPO set link contaniter
(too old to reply)
Yosel Lazaro Vera Gonzalez
2015-02-13 20:40:03 UTC
Permalink
I created a gpo with samba-tool, but I want to assign to a OU, the GPO that I created earlier,
I guess I need to use the command, samba-tool gpo SetLink. How the command is used?
samba-tool gpo setLink OU=People,DC=dominio,DC=pdc,DC=cu cn_GPO
But it did not work
Throws the following exception Badly formed gpLink
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Marcel de Reuver
2015-02-13 23:00:02 UTC
Permalink
You should manage GPO's with the Group Policy editor. It's part of the
Windows RSAT tools.
See also: https://wiki.samba.org/index.php/Samba_AD_management_from_windows

Regards,
Marcel


2015-02-13 21:33 GMT+01:00 Yosel Lazaro Vera Gonzalez <
I created a gpo with samba-tool, but I want to assign to a OU, the GPO
that I created earlier,
I guess I need to use the command, samba-tool gpo SetLink. How the
command is used?
samba-tool gpo setLink OU=People,DC=dominio,DC=pdc,DC=cu cn_GPO
But it did not work
Throws the following exception Badly formed gpLink
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Olivier BILHAUT
2015-02-16 15:10:02 UTC
Permalink
Hi Rowland,

Thanks for your help again. I understand the
difference between the UPN (User Principal Name) and the SPN (Service
Principal Name).

But in your second exemple, you never mention the
SPN, neither in the keytab export or in the kinit command.

Does that
means that there is no kinit possible using the SPN?

So I am worried
of what is the benefice of adding a SPN to a user instead of using the
UPN directly ?

So the same question more clearly : how do you use the
SPN and why?

Thanks,
--

Olivier
Yes, you are mixing up user
principal names with service principal
names, your user has a user
If we create the user,
samba-tool user
create --random-password http-dc01
samba-tool spn add
HTTP/dc01.home.lan http-dc01
samba-tool domain exportkeytab
/etc/httpd.keytab
ktutil
ktutil: rkt /etc/httpd.keytab
ktutil: l
slot KVNO Principal
---- ----
---------------------------------------------------------------------
2 1
3 1
ktutil: q
You can see that
there is only the spn in the keytab and if you try 'kinit'
kinit -k
-t /etc/httpd.keytab -c /tmp/http-dc01.krb5cc http-dc01
kinit: Generic
preauthentication failure while getting initial credentials
now if
samba-tool domain exportkeytab /etc/http-dc01.keytab
ktutil
ktutil: rkt /etc/http-dc01.keytab
ktutil: l
slot KVNO
Principal
---- ----
---------------------------------------------------------------------
3 1
ktutil: q
kinit
-k -t /etc/http-dc01.keytab -c /tmp/http-dc01.krb5cc http-dc01
and
http-dc01.krb5cc
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...