In bug #14396 we added msDS-AdditionalDnsHostName entries to the keytab with tests for it, but it still does not work against Windows DCs. It turns out that every time you add an entry to msDS-AdditionalDnsHostName, Windows DC adds another short entry (up to the first dot if any) with a strange '\0$' suffix. The binary null at 'entry[entry_len-2]' causes ldap_get_values() to fail parsing it as a string, so we need to use ldap_get_values_len(). Since samba-dc currently doesn't add these short names I think we should just ignore them so the keytab looks the same.
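The length-based filtering described in the report above, as an added example that is not part of the original report and is not Samba's code. `struct bv` is a local stand-in for libldap's `struct berval` (the length-plus-pointer type that ldap_get_values_len() returns), and the host names and helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for libldap's struct berval, so this runs without libldap. */
struct bv { size_t bv_len; const char *bv_val; };
#define BV(s) { sizeof(s) - 1, s }

/* Constructed sample: two full names plus the short "\0$" entries the DC adds. */
static const struct bv sample_vals[] = {
    BV("alias1.example.test"), BV("alias1\0$"),
    BV("alias2.example.test"), BV("alias2\0$"),
};

/* True when the value ends in '\0' '$', i.e. val[len-2] is a binary null. */
static int is_short_null_entry(const struct bv *v)
{
    return v->bv_len >= 2 &&
           v->bv_val[v->bv_len - 2] == '\0' &&
           v->bv_val[v->bv_len - 1] == '$';
}

/* Copy usable host names into out[] as C strings; return how many were kept. */
size_t collect_hostnames(const struct bv *vals, size_t n,
                         char out[][256], size_t max_out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n && kept < max_out; i++) {
        const struct bv *v = &vals[i];
        if (is_short_null_entry(v))
            continue;               /* ignore the short entry, as proposed */
        /* Reject empty, oversized, or any other value with an embedded null. */
        if (v->bv_len == 0 || v->bv_len > 255 ||
            memchr(v->bv_val, '\0', v->bv_len) != NULL)
            continue;
        memcpy(out[kept], v->bv_val, v->bv_len);
        out[kept][v->bv_len] = '\0';
        kept++;
    }
    return kept;
}

int main(void)
{
    char names[4][256];
    size_t n = collect_hostnames(sample_vals, 4, names, 4);
    for (size_t i = 0; i < n; i++)
        printf("keytab host name: %s\n", names[i]);
    return 0;
}
```

A NUL-terminated view of the short entry stops at the embedded null, which is why the check has to use the reported length rather than strlen().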
> Since samba-dc currently doesn't add these short names I think we should just ignore them so the keytab looks the same.

Not sure if samba-dc should add it the same way (as binary), it may be a bug in Windows. I'll ask dochelp.
BTW, it looks like Windows also updates the SPN list on the server side when the msDS-AdditionalDnsHostName is modified, similar to the triggers we have for dNSHostName changes in samldb_service_principal_names_change().
Sent a question to dochelp about the DC handling: https://lists.samba.org/archive/cifs-protocol/2020-June/003460.html
Created attachment 16060: patch for v4-12-test branch
Pipeline for v4.12 branch: https://gitlab.com/samba-team/devel/samba/-/commits/iboukris-v4-12-test
(In reply to Isaac Boukris from comment #5) Updated pipeline: https://gitlab.com/samba-team/devel/samba/-/commits/iboukris-v4-12-test
Created attachment 16062: patch for v4-12-test branch
Comment on attachment 16062 (patch for v4-12-test branch): updated patch.
Karolin, please add the patchset to 4.12. Thanks.
(In reply to Andreas Schneider from comment #9) Pushed to autobuild-v4-12-test.
(In reply to Karolin Seeger from comment #10) Pushed to v4-12-test. Closing out bug report. Thanks!