Hi Sreekanth, sorry for the long delay.
The difference I see is that you're doing this as administrator.

I'm talking about validated-writes done by an account on its own computer object.
And that's what [MS-ADTS] 3.1.1.5.3.1.1.4 servicePrincipalName is about,
also see the parent section 3.1.1.5.3.1.1 Validated Writes

Can you please continue your research on this?

Thanks!
metze

> Hello Stefan, simple tests at my end using a test domain controller show
> that all of the following values are allowed by MS Windows domain controller.
> Before I propose any doc changes, can you confirm which domain controller you
> have used when you say "Testing against a Windows DC shows that **only**
> numeric characters are allowed after ':'" Did you mean to say the domain
> controller itself failed to add such an SPN? Or are you saying that it is the
> SQL Server that didn't find an SPN that has a nonnumeric character after ":"?
>
> C:\Users\Administrator>setspn -A MSSQLSvc/myhost.379135DOM.LAB:1433 lvisser
>
> C:\Users\Administrator>setspn -A MSSQLSvc/myhost.379135DOM.LAB:MYINST1 lvisser
>
> C:\Users\Administrator>setspn -A MSSQLSvc/myhost.379135DOM.LAB/MYINST2 lvisser
>
> C:\Users\Administrator>setspn -l lvisser
>
> Registered ServicePrincipalNames for CN=lora visser,CN=Users,DC=379135DOM,DC=LAB:
>
> MSSQLSvc/myhost.379135DOM.LAB/MYINST2
> MSSQLSvc/myhost.379135DOM.LAB:MYINST1
> MSSQLSvc/myhost.379135DOM.LAB:1433
>
> You can even have MSSQLSvc/myhost.379135DOM.LAB:8989797/MYINST2
>
> But ultimately, if the SPN does not match the string as constructed by the
> Service, i.e. SQL Server in this case, authentication will fail.
_______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol