RE: [ActiveDir] Creating a service instance account in AD

[Marcus.Oh]

Yep, you’re right… shouldn’t matter.  What little I’ve done w/ SPNs has always been setting the user account against a hostname.  Never tried w/ just the computer account.   :m:dsm:cci:mvp | marcusoh.blogspot.com   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of T C Sent: Tuesday, April 04, 2006 1:47 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Creating a service instance account in AD   I don't see how delegation helps in this case.  Apparently AD issues a ticket for this service.  But I went ahead and trust the computer account for delegation anyway, and it still fails. Terry On 4/3/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Do you need to trust the computer account for delegation?   :m:dsm:cci:mvp | marcusoh.blogspot.com From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of T C Sent: Monday, April 03, 2006 5:19 PM To: Active Directory Discussions Subject: [ActiveDir] Creating a service instance account in AD   Hi, I am working on bringing a Unix service under AD.  To do this I need to map a service principal name (SPN) to an AD account.  The MS document specifies using a user account for this, and I have tested with this and it works.  However, I am also trying to use a computer account for this.  Everything seems to work except the ticket cannot be decrypted.  So I am curious if computer accounts can be used for this purpose.  It seems quite straightforward, but it just didn't work. Thanks, Terry