Stupid /etc/hosts problems with service principal names

Andrew Bartlett abartlet at samba.org
Wed Apr 18 18:37:13 MDT 2012


On Wed, 2012-04-18 at 10:02 -0700, Richard Sharpe wrote:
> Hi folks,
> 
> I recently saw a problem with Samba giving out what seemed like the
> wrong service principal name in the response to a Negotiate Protocol,
> but it came down to Samba trying to convert the hostname (short form)
> into an FQDN and name_to_fqdn calls gethostbyname, which, because of
> /etc/nsswitch, looks in /etc/hosts, and since we had an entry there
> that had not been changed after the domain join, came up with the
> wrong FQDN ...
> 
> It seems to me that the correct thing here is not to put an entry for
> this machine in /etc/hosts (apart from localhost) relating to the
> hostname of the member server because it should be using DNS anyway,
> and if access to DNS is broken, lots of stuff is not going to work
> anyway.
> 
> Any comments? Is this stuff that has been discussed before now?

Which version is this?

However, this is partly why in master we do not generate this principal
name in the NegProt, and in 3.6 we do not honour it by default in the
client.  

Which client is honouring the incorrect value (old Samba versions
would)?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
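
Added example, not part of the original thread and not Samba code: a simplified model of the "files" lookup described in the quoted message, which shows which FQDN a stale /etc/hosts entry would hand back for the short hostname. The function names, host names and addresses are constructed for illustration, and it assumes "files" is consulted before DNS for hosts lookups.

```python
# Added example: simplified model of how the nsswitch "files" backend
# answers a lookup from /etc/hosts. Not Samba code.

def parse_hosts(text):
    """Yield (lineno, address, [names]) for each entry in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], fields[1:]


def files_lookup(text, name):
    """Return (lineno, address, canonical) for the first entry naming `name`.

    The first name on a hosts line is the canonical name; the rest are
    aliases. Matching is case-insensitive. Returns None if nothing matches,
    in which case the resolver would go on to the next source (e.g. DNS).
    """
    wanted = name.lower().rstrip(".")
    for lineno, addr, names in parse_hosts(text):
        if wanted in (n.lower().rstrip(".") for n in names):
            return lineno, addr, names[0]
    return None


def check_fqdn(text, short_name, expected_fqdn):
    """Report whether /etc/hosts would override the expected FQDN."""
    hit = files_lookup(text, short_name)
    if hit is None:
        return "ok: no hosts entry for %s, lookup falls through" % short_name
    lineno, addr, canonical = hit
    if canonical.lower().rstrip(".") == expected_fqdn.lower().rstrip("."):
        return "ok: line %d gives %s" % (lineno, canonical)
    return "stale: line %d (%s) gives %s, expected %s" % (
        lineno, addr, canonical, expected_fqdn)


# Constructed sample: entry left over from before the domain join.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# added at install time
192.0.2.10  fs1.oldlab.example fs1
"""

if __name__ == "__main__":
    print(check_fqdn(SAMPLE_HOSTS, "fs1", "fs1.ad.example.com"))
```

To check a real member server, pass the contents of its /etc/hosts, its short hostname and the FQDN it should have in the joined domain.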


