I'm setting up a process which would automatically create the SPNs for newly exposed service URLs. I am aware of how to create an SPN with Windows using the setspn -A command with the right priviliges.
As my build server is running on Linux, I wonder, is there any way – other than logging in to a windows server and running setspn – to create the SPN from a Linux server?
Best Answer
When you use the
setspn
tool, all you're doing is modifying the servicePrincipalName attribute of the specified computer/user in AD.To do the same from a Linux machine, you just need to use an LDAP tool to connect to a domain controller and modify the attribute like you would any other. Keep in mind that it's a multi-valued attribute though. So don't accidentally wipe out existing entries that might exist on the target.