[Samba] adding netbios name stops getent from working

L.P.H. van Belle belle at bazuin.nl
Thu Apr 15 07:23:15 UTC 2021


Good morning People around the world. 

Now, even if you don't have netbios name set in smb.conf,
the defaults are that it's using the system's hostname, so don't change that.
And this is why I show this "default" setting in my config.
Using the netbios alias, never dont that really and netbios uses NMBD,
which we shouldn't use anyway.

Basically it always comes back to these things.
Does the server have the correct IP and is the PTR record set?
And is the search domain the same as the primary DNS zone?
The last applies for servers and clients.

PTR should be there and always checked, and I recommend it for all servers
to have it. With the PTR, the CNAMEs keep working, because the CNAME points
back to the "real" hostname/PTR records.

If you set up like that,
you can use \\servername \\aliasname\ \\servername.fqdn\ \\alias.fqdn\

But, side note, it's recommended to use the FQDN.
For example, a fileserver, I set the resolving up like this.

hostname.internal.dom.tld 	A 192.168.0.1
1.0.168.192.in-addr.arpa	PTR hostname.internal.dom.tld
file1.internal.dom.tld		CNAME hostname.internal.dom.tld.

If it's also a print server:
ptr1.internal.dom.tld		CNAME hostname.internal.dom.tld.

If it's also a proxy server:
prx1.internal.dom.tld		CNAME hostname.internal.dom.tld.

For AD-DCs, think of ntp, dns, which can be used for CNAMEs.

And in scripts, settings, GPOs etc. etc. I use the alias name in FQDN.
It saves time when I need to replace a server or move a function/service to
another server and, set up like this, Kerberos keeps working.
The only thing sometimes needed is adding an alias name (UPN/SPN) in the keytab file.

I hope this was useful for you and gave some ideas.

So, Jason, my guess in your case, add the PTR.  ;-) 
If you already have the PTR set, then something is off, then post:

dig a $(hostname -f)|grep A

And yes, this next line is one line.. 

dig -x $(dig a $(hostname -f)|grep A|awk '{ print $NF }' \
 |grep $(hostname -i))

/etc/hosts 
/etc/resolv.conf
/etc/krb5.conf 


Greetz, 

Louis
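
The check described in the mail above (alias CNAME to the real hostname, A record, PTR pointing back), written out as an added example that is not part of the original message. The function names lookup, rev_name and check_name, the LIVE switch and the "orphan" and "stale" records are assumptions made for the illustration; the sample records are constructed and only mirror the addresses used in the mail.

```sh
#!/bin/sh
# Added example: checks alias -> canonical name -> A -> PTR for one name.
# SAMPLE is constructed data modelled on the records in the mail; the
# "orphan" and "stale" entries are invented to show the failure cases.
SAMPLE='hostname.internal.dom.tld. A 192.168.0.1
1.0.168.192.in-addr.arpa. PTR hostname.internal.dom.tld.
file1.internal.dom.tld. CNAME hostname.internal.dom.tld.
orphan.internal.dom.tld. A 192.168.0.9
stale.internal.dom.tld. A 192.168.0.7
7.0.168.192.in-addr.arpa. PTR oldname.internal.dom.tld.'

# lookup TYPE NAME: print record data, one answer per line.
# LIVE=1 asks the configured resolver through dig; default reads SAMPLE.
lookup() {
    if [ "${LIVE:-0}" = 1 ]; then
        dig +short "$2" "$1"
    else
        printf '%s\n' "$SAMPLE" |
            awk -v t="$1" -v n="${2%.}." '$1 == n && $2 == t { print $3 }'
    fi
}

# rev_name IPV4: build the in-addr.arpa owner name for an address.
rev_name() {
    printf '%s\n' "$1" | awk -F. '{ print $4"."$3"."$2"."$1".in-addr.arpa." }'
}

# check_name NAME: return 0 if consistent, 1 no A, 2 no PTR, 3 PTR mismatch.
# Assumes a single level of CNAME and names written in the same case.
check_name() {
    name="${1%.}."
    target=$(lookup CNAME "$name" | head -n 1)
    canon="${target:-$name}"            # not an alias: name is canonical
    ip=$(lookup A "$canon" | head -n 1)
    [ -n "$ip" ] || { echo "FAIL $name: no A record for $canon"; return 1; }
    ptr=$(lookup PTR "$(rev_name "$ip")" | head -n 1)
    [ -n "$ptr" ] || { echo "FAIL $name: no PTR for $ip"; return 2; }
    [ "$ptr" = "$canon" ] || { echo "FAIL $name: PTR $ptr, expected $canon"; return 3; }
    echo "OK $name -> $canon -> $ip -> $ptr"
}

# Names from the command line, or the constructed alias when none are given.
[ $# -gt 0 ] || set -- file1.internal.dom.tld
for n in "$@"; do check_name "$n" || true; done
```

Run with LIVE=1 and the alias FQDN as argument to test a real server through dig instead of the sample records.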


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jason Keltz via
> samba
> Sent: Wednesday 14 April 2021 19:58
> To: samba at lists.samba.org
> Subject: Re: [Samba] adding netbios name stops getent from working
> 
> 
> On 4/14/2021 1:53 PM, Rowland penny via samba wrote:
> > On 14/04/2021 18:12, Jason Keltz via samba wrote:
> >>
> >> On 4/14/2021 12:37 PM, Rowland penny via samba wrote:
> >>> On 14/04/2021 17:29, Jason Keltz via samba wrote:
> >>>> Hi.
> >>>>
> >>>> I have a Samba file server which is part of an AD domain.  I can
> >>>> ssh to the server using my AD username/password.  I can also mount
> >>>> my home directory under Windows.  Everything works as I expect.
> >>>> However, I need to give the server an alias.  If I use "netbios
> >>>> name" to set that alias in smb.conf, then "getent passwd <user>"
> >>>> stops working, and I can no longer login. Why is that?
> >>>>
> >>>> Jason.
> >>>>
> >>>>
> >>>
> >>> It would be 'netbios alias' except that would require SMBv1 and you
> >>> probably have it turned off, not to mention that AD uses dns instead
> >>> of netbios.
> >>>
> >>> Why do you 'need' to give it an alias?
> >>>
> >>> If you must give it an alias, do a search on 'CNAME'
> >>
> >> Hi Rowland!
> >>
> >> I have always used an "alias" (netbios name) so that if I need to
> >> rebuild the server with a new name (say, during an upgrade), the user
> >> doesn't need to change any of their mounts. The server can be called
> >> "abcd" and changed to "efgh", but if the user knows to always mount
> >> their home directory as say, "\\fileserver\homes", then it will
> >> always work no matter what I change the physical server name to.
> >>
> >> I already have the CNAME.  I tried that.  Under Windows, I'm logged
> >> into the AD domain.  If I try to mount from \\fileserver\homes, then
> >> I get asked for my username and password, and the mount fails.  On
> >> the other hand, if I try to mount from say,
> >> \\fileserver.full.domain\homes, it works.  I don't even need to
> >> "re-enter" my username and password as would be expected.  When I do
> >> an nslookup of just "fileserver", that works.  The fact that the
> >> login box comes up probably means it has contacted the host. It's
> >> just not clear why I can't login without specifying the full path.
> >>
> >> Jason.
> >>
> >>
> >
> > Louis could probably explain it better than I, but it seems that
> > Windows is moving towards using FQDN's instead of short hostnames.
> > Other tools may, and apparently do, work differently, just because
> > 'nslookup' will work with a short hostname, does not mean Windows
> > tools will.
> 
> Hi Rowland,
> 
> The interesting thing is that \\name-of-server-without-domain works, but
> \\alias-of-server-without-domain doesn't.  As you said, maybe Louis has
> some ideas.
> 
> Thanks!
> 
> Jason.
> 
> 