Simply put,
- UPN: An entity performing client requests to some service. Entity may be human or machine. See here.
- SPN: An entity processing requests for a specific service, e.g., HTTP, LDAP, SSH, etc. Machine only. See here.
A UPN retrieves a service ticket for an SPN to use that actual service.
If your samba-tool
call your request samba to register the SPN app/dc.example.com
to the UPN foobar
. Since You have not provided the realm of the SPN and UPN, Samba will assume the default realm of the machine this call is performed from. In Windows terms, you mostly bind an SPN to a machine UPN. Which is always: <name>$@<REALM>
. Note the dollar sign.