[PATCH] net: improve/fix net ads dns register.

Gerald (Jerry) Carter jerry at samba.org
Fri Dec 12 18:00:05 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Schneider wrote:
> Hello,
> 
> net ads dns register only works under special conditions.
> 
> a) A DNS query to find the full hostname must work.
>    This only works if:
>    * if you use the right nameserver or
>    * you get the search domain via DHCP
>    If you do the query ther first time then there is no
>    entry on the dns server. You have to create it manually.
> 
> b) An entry in /etc/hosts
> 
> Attached is a patch which still try to resolve the name via DNS but if it 
> fails, it uses the machine_name + realm to create the full host name.
> Normally you want to use this dns domain.

Hey Andreas,

This has been proposed before and while I personally think that it
is better to correctly configured the host machine with a FQDN,
I understand the rationale.

The way we work around this (in Likewise Open) is to configure /etc/hosts
prior to the join based on the AD domain (unless instructed not to change
the machine's FQDN since some site have disjoint DNS domains between
Windows and Unix).

Even registering the assume hostname=lp_realm() name with DNS, you
still need the FQDN configured on the machine in my experience so you
are only delaying any Kerb5 and SSO problems.

Would you comment on these concerns?  Thanks.

> Would it make sense to implement the DDNSUpdate in winbind itself. So that you 
> can enable it with an options and winbind will update the entry when it goes 
> online?

that has been discussed.  Makes sense to me.  There's also the
outstanding issue that I nenver resolved (i.e. commited jpeach's
patches for egister PTR records)





cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJQqakIR7qMdg1EfYRAo1xAKDuEqGXJMs115pW3EGslTg4jL5PPgCeJbXn
pGToUmyo9BjkkgbWxFnxFgI=
=BtFw
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list