Kerberos and CNAMEs

From LedHed's Wiki

Revision as of 04:57, 30 June 2023 by Ledhed (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Overview

By default Kerberos authentication will fail when accessing a server using a DNS Alias / CNAME.

Solution

Create an alias for the host in Active Directory using the 'netdom' command:

netdom computername <FQDN> /Add:<ALIAS>

Example:
Server's FQDN = FileServer-01.domain.tld
CNAME/Alias = FS1.domain.tld

netdom computername FileServer-01.domain.tld /Add:FS1.domain.tld

References

https://serverfault.com/questions/481289/will-kerberos-work-with-cnames-if-i-have-the-spn-created-for-the-a-record-as-wel

Retrieved from "http://wiki.ledhed.net/index.php?title=Kerberos_and_CNAMEs&oldid=3560"

Active Directory

Navigation menu