[PATCH] net: improve/fix net ads dns register.
Andreas Schneider
anschneider at suse.de
Tue Dec 16 11:46:10 GMT 2008
On Friday 12 December 2008 19:00:05 Gerald (Jerry) Carter wrote:
> Hey Andreas,
>
Hi Jerry,
> This has been proposed before and while I personally think that it
> is better to correctly configured the host machine with a FQDN,
> I understand the rationale.
Then you need a variable in smb.conf called dns_domain.
>
> The way we work around this (in Likewise Open) is to configure /etc/hosts
> prior to the join based on the AD domain (unless instructed not to change
> the machine's FQDN since some site have disjoint DNS domains between
> Windows and Unix).
I don't think that adding a value to /etc/hosts is a good way to do this.
/etc/hosts doesn't reflect the current network you're in. And I see e.g. the
problem if you have an entry in /etc/hosts like:
127.0.0.2 rupert.galaxy.site rupert
then it registered 127.0.0.2 as IP address too.
>
> Even registering the assume hostname=lp_realm() name with DNS, you
> still need the FQDN configured on the machine in my experience so you
> are only delaying any Kerb5 and SSO problems.
I think you got something wrong. If we can resolve the hostname via dns, then
I assume hostname = machine_name + lp_realm().
According to different Microsoft documents [1] [2] the fqdn is the
computername and the dns domain. Both can be configured/changed (computer name
tab in system properties).
So I think that it would be the best, if you can't resolve it via DNS (or an
/etc/hosts entry, which will still work with the patch) lets fall back and try
hostname = machinename + realm or if preferred add a new config value "dns
domain".
> > Would it make sense to implement the DDNSUpdate in winbind itself. So
> > that you can enable it with an options and winbind will update the entry
> > when it goes online?
>
> that has been discussed. Makes sense to me. There's also the
> outstanding issue that I nenver resolved (i.e. commited jpeach's
> patches for egister PTR records)
>
Could you point me to this patch?
>
>
> cheers, jerry
Best regards,
-- andreas
[1] http://technet.microsoft.com/en-us/library/cc784052.aspx
[2] http://support.microsoft.com/kb/816592
--
Andreas Schneider, SUSE Labs, http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba-technical/attachments/20081216/509c87ba/attachment.bin
More information about the samba-technical
mailing list