From LedHed's Wiki
Jump to: navigation, search
(Created page with "== Overview == By default Kerberos authentication will fail when accessing a server using a DNS Alias / CNAME. == Solution == Create an alias for the host in Active Director...")
 
 
Line 11: Line 11:
 
CNAME/Alias = FS1.domain.tld<br>
 
CNAME/Alias = FS1.domain.tld<br>
 
  netdom computername FileServer-01.domain.tld /Add:FS1.domain.tld
 
  netdom computername FileServer-01.domain.tld /Add:FS1.domain.tld
 +
 +
The netdom command registers a SPN for the server using the provided alias.
  
  

Latest revision as of 04:59, 30 June 2023

Overview

By default Kerberos authentication will fail when accessing a server using a DNS Alias / CNAME.


Solution

Create an alias for the host in Active Directory using the 'netdom' command: 

netdom computername <FQDN> /Add:<ALIAS>

Example:
Server's FQDN = FileServer-01.domain.tld
CNAME/Alias = FS1.domain.tld

netdom computername FileServer-01.domain.tld /Add:FS1.domain.tld

The netdom command registers a SPN for the server using the provided alias.


References

https://serverfault.com/questions/481289/will-kerberos-work-with-cnames-if-i-have-the-spn-created-for-the-a-record-as-wel

Retrieved from "http://wiki.ledhed.net/index.php?title=Kerberos_and_CNAMEs&oldid=3561"