Skip to main content

Posts

Showing posts with the label active directory

Samba 4 and Linux Domain Controllers

Samba 4 is nothing short of amazing. Until recently I was familiar with earlier versions and had done nothing more than mounted cross-OS volumes (to create simple white-label NFS storage devices, for example). Version 4 has hacked some major portions of the Windows kernel functionality and re-worked them in Python.  For example, did you know that a Linux server can be an Active Directory Domain Controller? Install samba-tool and run the following command (assuming your domain already exists):  # samba-tool join MY.DOMAIN DC -Uadministrator@my.domain --realm=MY.DOMAIN Use the 'samdump' operator for Kerberos data to standard output:  # samba-tool samdump In no way would I recommend this for outside of a testing / development environment - there are some key differences between samba 4 AD and real AD (one issue documented so far is that samba 4 uses some NT 4 notions that Windows simply emulates in recent versions, for example  primary and secondary domain controller r

Fixing Event ID 10154 - The WinRM service failed to create the following SPN

The Problem The configuration of the system when this error was encountered is as follows: A. Windows Server 2008 R2 Redundant Domain Controllers - we will call these DC1.joshwieder.com and DC2.joshwieder.com B. Windows Server 2003 Web Server with Windows Remote Management enabled / part of the Active directory deployment - we will call this WEB.joshwieder.com C. For the sake of our example, let's say I have configured an OU named "Web Servers" on those domain controllers Whenever the Windows 2003 Web server reboots, or WinRM.exe service on the Windows 2003 Web server restarts, the following error was logged into the Event Viewer: Event ID: 10154 Source: Microsoft-Windows-WinRM Version: 6.1 Symbolic Name: LOG_WSMAN_SPN_CREATION Message: The WinRM service failed to create the following SPN: %1. Additional Data The error received was 8344: Insufficient access rights to perform the operation. User Action The SPN can be created by an administrator using sets