Stupid /etc/hosts problems with service principal names

Andrew Bartlett abartlet at
Wed Apr 18 18:37:13 MDT 2012

On Wed, 2012-04-18 at 10:02 -0700, Richard Sharpe wrote:
> Hi folks,
> I recently saw a problem with Samba giving out what seemed like the
> wrong service principal name in the response to a Negotiate Protocol,
> but it came down to Samba trying to convert the hostname (short form)
> into an FQDN and name_to_fqdn calls gethostbyname, which, because of
> /etc/nsswitch, looks in /etc/hosts, and since we had an entry there
> that had not been changed after the domain join, came up with the
> wrong FQDN ...
> It seems to me that the correct thing here is not to put an entry for
> this machine in /etc/hosts (apart from localhost) relating to the
> hostname of the member server because it should be using DNS anyway,
> and if access to DNS is broken, lots of stuff is not going to work
> anyway.
> Any comments? Is this stuff that has been discussed before now?

Which version is this?

However, this is partly why in master we do not generate this principal
name in the NegProt, and in 3.6 we do not honour it by default in the

Which client is honouring the incorrect value (old Samba versions

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list