Hi, if I try to use: kinit -k -t test.keytab zookeeper/node1.test.lan fail with: kinit: Client 'zookeeper/node1.test.lan@TEST.LAN' not found in Kerberos database while getting initial credentials using "strace -f -s512 /usr/sbin/samba -i -d 10 " to view ldap queries in the old version of samba (4.5.1) the following queries are made: (&(objectClass=user)(userPrincipalName=zookeeper/node1.pro.lan at PRO.LAN)) (&(objectClass=user)(samAccountName=zookeeper/node1.pro.lan)) (&(servicePrincipalName=zookeeper/node1.pro.lan)(objectClass=user)) and not in the new version (4.11.9) : (&(userPrincipalName=zookeeper/ap42.test.lan at TEST.LAN)(objectClass=user)) (&(samAccountName=zookeeper/ap42.test.lan)(objectClass=user))" Kerberos: UNKNOWN -- zookeeper/ap42.test.lan at TEST.LAN: no such entry found in hdb best regards.
This is deliberate and expected, as we previously deviated from the Windows behaviour. Put the SPN in the userPrincipalName if you want to do this.