Hi Quinn, for Active Directory or Samba 4 DC this may be quite tricky:
In Active Directory exists a principal alias list, that applies to all (?) SPN objects - so you may only see a HOST/ principal, but this one may also be valid for a whole bunch of other names, like cifs/ ... HTTP/ ... whatever. s. http://technet.microsoft.com/library/cc731241(WS.10).aspx A list of aliases can be found here (s. sPNMappings attribute values): # Directory Service, Windows NT, Services, Configuration, testdomain.org dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testdomain,D C=org objectClass: top objectClass: nTDSService cn: Directory Service instanceType: 4 whenCreated: 20120225102013.0Z whenChanged: 20120225102013.0Z uSNCreated: 1956 tombstoneLifetime: 180 uSNChanged: 1956 showInAdvancedViewOnly: TRUE name: Directory Service objectGUID:: 0/aW88ga30mQG2qs70VoYg== objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=testdomain,DC=org sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww w,http,w3svc,iisadmin,msdtc msDS-Other-Settings: DisableVLVSupport=0 msDS-Other-Settings: DynamicObjectMinTTL=900 msDS-Other-Settings: DynamicObjectDefaultTTL=86400 distinguishedName: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configura tion,DC=testdomain,DC=org Bye, Marcel -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Quinn Plattel Gesendet: Montag, 16. Juli 2012 14:42 An: samba Betreff: [Samba] Listing principals in samba4? Hi, Is there a way to see what principals exist in the samba4 domain? I could list the principals in a keytab file, but that does not reflect what is in the samba4 domain. br, Quinn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
