P
P
pred8or2021-11-16 15:35:16
linux
pred8or, 2021-11-16 15:35:16

The second 1C server under Linux - domain authentication?

There is a domain 2012R2, in the domain user usr1cv8.

There is a 1C server srv-1c8-2.domainfor which the keytab was once written out as follows:

ktpass -princ usr1cv8/[email protected] -mapuser [email protected] -pass %password -out usr1cv8.keytab


What to do if you need to add another server, srv-1c8-3.domain? An attempt to use the same spell failed:

ktpass -princ usr1cv8/[email protected] -mapuser [email protected] -pass %password -out usr1cv8.srv-1c8-3.keytab
Targeting domain controller: DC.domain
Using legacy password setting method
Failed to retrieve values for property ?????????: 0x10.
Failed to set property 'servicePrincipalName' to 'usr1cv8/srv-1c8-3.domain
' on Dn 'CN=1C User,CN=Users,DC=domain': 0x32.
WARNING: Unable to set SPN mapping data.
If usr1cv8 already has an SPN mapping installed for usr1cv8/srv-1c8-3.domain, this is no cause for concern.
Failed to retrieve user info for usr1cv8: 0x5.
Aborted.


The description of ktpass says

You cannot map multiple service instances to the same user account.


Does this mean that you need to create another domain user and map to it already?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
P
Pavel Mezhuev, 2021-11-16
@pred8or

Two servers - two accounts in AD, each server has its own account.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question