从 linux 构建服务器创建 SPN

使用该setspn工具时，您所做的只是修改 AD 中指定计算机/用户的servicePrincipalName属性。

要在 Linux 机器上执行相同的操作，您只需使用 LDAP 工具连接到域控制器并像其他任何操作一样修改属性。请记住，它是一个多值属性。因此，不要意外清除目标上可能存在的现有条目。

用于 Windows 远程管理 (WinRM) 的 Python 库将允许您从 Linux 机器在 Windows 机器上运行远程命令

pywinrm 是一个用于 Windows 远程管理 (WinRM) 的 Python 客户端。这允许您从任何可以运行 Python 的机器调用目标 Windows 机器上的命令。

https://blogs.technet.microsoft.com/heyscriptingguy/2015/10/27/using-winrm-on-linux/

https://github.com/diyan/pywinrm

我不认为有用于在 Active Directory 中注册 SPN 的 Linux 工具。根据您的应用程序及其设置方式，您可以委托服务帐户注册 SPN。

Open Active Directory Users and Computers.

To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then press ENTER.

Click View, and verify that the Advanced Features check box is selected.

Click Advanced Features, if it is not selected.

If the domain to which you want to allow a disjoint namespace does not appear in the console, take the following steps:

    In the console tree, right-click Active Directory Users and Computers, and then click Connect to Domain.

    In the Domain box, type the name of the Active Directory domain to which you want to allow the disjoint namespace, and then click OK.

    As an alternative, you can use the Browse button to locate the Active Directory domain.

In the console tree, right-click the node that represents the domain to which you want to allow a disjoint namespace, and then click Properties.

On Security tab, click Advanced.

On the Permissions tab, click Add.

In Enter the object name to select, type the group or user account name to which you want to delegate permission, and then click OK.

Configure the Apply onto box for Computer objects.

At the bottom of the Permissions box, select the Allow check box that corresponds to the Validated write to service principal name permissions, and then click OK on the three open dialog boxes to confirm your changes.

Close Active Directory Users and Computers.