[PATCH] net: improve/fix net ads dns register.

Andreas Schneider anschneider at suse.de
Tue Dec 16 11:46:10 GMT 2008


On Friday 12 December 2008 19:00:05 Gerald (Jerry) Carter wrote:
> Hey Andreas,
>

Hi Jerry,

> This has been proposed before and while I personally think that it
> is better to correctly configure the host machine with a FQDN,
> I understand the rationale.

Then you need a variable in smb.conf called dns_domain.

>
> The way we work around this (in Likewise Open) is to configure /etc/hosts
> prior to the join based on the AD domain (unless instructed not to change
> the machine's FQDN since some sites have disjoint DNS domains between
> Windows and Unix).

I don't think that adding a value to /etc/hosts is a good way to do this. 
/etc/hosts doesn't reflect the current network you're in. And I see e.g. the 
problem if you have an entry in /etc/hosts like:

127.0.0.2 rupert.galaxy.site rupert

then it registered 127.0.0.2 as IP address too.

>
> Even registering the assumed hostname=lp_realm() name with DNS, you
> still need the FQDN configured on the machine in my experience so you
> are only delaying any Kerb5 and SSO problems.

I think you got something wrong. If we can resolve the hostname via dns, then 
I assume hostname = machine_name + lp_realm().

According to different Microsoft documents [1] [2] the fqdn is the 
computername and the dns domain. Both can be configured/changed (computer name 
tab in system properties).

So I think that it would be the best, if you can't resolve it via DNS (or an 
/etc/hosts entry, which will still work with the patch) let's fall back and try

hostname = machinename + realm or if preferred add a new config value "dns 
domain".

> > Would it make sense to implement the DDNSUpdate in winbind itself. So
> > that you can enable it with an option and winbind will update the entry
> > when it goes online?
>
> that has been discussed.  Makes sense to me.  There's also the
> outstanding issue that I never resolved (i.e. committed jpeach's
> patches to register PTR records)
>

Could you point me to this patch?

>
>
> cheers, jerry

Best regards,


	-- andreas


[1] http://technet.microsoft.com/en-us/library/cc784052.aspx
[2] http://support.microsoft.com/kb/816592


-- 
Andreas Schneider, SUSE Labs, http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
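
The fallback and the loopback problem discussed in the message above, as an added C example (not code from the patch or from Samba). `choose_fqdn` and `addr_is_registrable` are hypothetical names; lowercasing the result and treating a resolver answer without a dot as unresolved are assumptions of this sketch.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: may this IPv4 address be published in DNS?
 * Rejects unparsable input, 0.0.0.0 and all of 127.0.0.0/8, which
 * covers the "127.0.0.2 rupert.galaxy.site rupert" /etc/hosts case. */
int addr_is_registrable(const char *ip)
{
    struct in_addr a;
    uint32_t h;
    if (inet_pton(AF_INET, ip, &a) != 1)
        return 0;
    h = ntohl(a.s_addr);
    return h != 0 && (h >> 24) != 127;
}

/* Hypothetical helper: pick the name to register.
 * resolved: name the resolver returned for this host, or NULL if the
 * lookup failed. A result without a dot is treated as unresolved
 * (assumption). Falls back to machine + "." + realm, lowercased.
 * Returns a static buffer (not reentrant) or NULL if no name fits. */
const char *choose_fqdn(const char *resolved, const char *machine,
                        const char *realm)
{
    static char out[256];
    int n;
    if (resolved && strchr(resolved, '.') && resolved[0] != '.')
        n = snprintf(out, sizeof(out), "%s", resolved);
    else if (machine && *machine && realm && *realm)
        n = snprintf(out, sizeof(out), "%s.%s", machine, realm);
    else
        return NULL;
    if (n < 0 || (size_t)n >= sizeof(out))
        return NULL;
    for (char *p = out; *p; p++)
        *p = (char)tolower((unsigned char)*p);
    return out;
}

int main(void)
{
    /* Constructed sample values, based on the example in the mail. */
    printf("%s\n", choose_fqdn(NULL, "rupert", "GALAXY.SITE"));
    printf("%d %d\n", addr_is_registrable("127.0.0.2"),
           addr_is_registrable("192.0.2.10"));
    return 0;
}
```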


More information about the samba-technical mailing list