Join a domain independently of local hostname

Stefan Metzmacher metze at samba.org
Thu Aug 29 20:03:55 UTC 2019


Hi Isaac,

> In the join process, if we get an fqdn from getaddrinfo for local
> machine then we prefer to use that for dnsHostName and fqdn SPN over
> nbname+realm, see:
> https://github.com/samba-team/samba/blob/1f923e067dbe358c17cbccfe179baa811aa3b8b3/source3/libnet/libnet_join.c#L523
> 
> I'm working on a ticket where the customer wants to be able to join a
> domain based only on netbios name from smb.conf, independently of
> local machine hostname (reportedly, this used to work). The problem
> they are facing, is that the fqdn returned from getaddrinfo, sometimes
> has already got a registered SPN and the join fails with "Failed to
> set machine spn: Constraint violation".
> 
> I wonder how can we accommodate this use case, maybe we can fall back
> to nbname+realm if we get this error, or perhaps by adding a new
> parameter to net-join specifying the machine fqdn, or a new smb.conf
> option ?

I think we should not use the machine fqdn.

Just "netbios name" and "netbios aliases" together with the
configured "realm" via the lp_dnsdomain() function.
I think we could have a new option "dns hostname aliases",
which can take a list of additional names.

This makes the whole join process much more reliable
and avoids relying on /etc/hostname values to
be correct.

metze
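
The failure mode and the proposal discussed in this thread, as an added example that is not part of the original message and is not Samba code: it derives dnsHostName and HOST/ SPNs from configuration values only and checks them against a directory in which the resolver-supplied FQDN already belongs to another account. The function names, host names and directory contents are constructed, and the DNS domain being the lowercased realm is an assumption.

```python
# Added illustration, not Samba code. All names and directory data are constructed.

def names_from_config(netbios_name, realm, netbios_aliases=(), dns_hostname_aliases=()):
    """Build dnsHostName and HOST/ SPNs from smb.conf-style values only.

    Assumption: the DNS domain is the lowercased realm. "dns hostname aliases"
    is the option proposed in the thread, not an existing parameter.
    """
    dns_domain = realm.lower()
    dns_host_name = f"{netbios_name.lower()}.{dns_domain}"
    spns = []
    for short in (netbios_name, *netbios_aliases):
        spns += [f"HOST/{short.upper()}", f"HOST/{short.lower()}.{dns_domain}"]
    spns += [f"HOST/{fqdn.lower()}" for fqdn in dns_hostname_aliases]
    return dns_host_name, list(dict.fromkeys(spns))  # de-duplicate, keep order


def spn_conflicts(spns, directory, own_account):
    """Return the SPNs already registered to a different account (case-insensitive)."""
    owner = {spn.lower(): acct for acct, held in directory.items() for spn in held}
    return [s for s in spns if owner.get(s.lower(), own_account) != own_account]


# Constructed scenario: the local resolver returns an FQDN whose SPN is
# already held by another machine account, while smb.conf names FILESRV1.
DIRECTORY = {"APP01$": ["HOST/APP01", "HOST/app01.corp.example.com"]}
RESOLVER_FQDN = "app01.corp.example.com"  # stand-in for a getaddrinfo result


def compare(netbios_name="FILESRV1", realm="CORP.EXAMPLE.COM"):
    """Contrast the SPN set built from the resolver FQDN with the config-only set."""
    account = netbios_name.upper() + "$"
    from_resolver = [f"HOST/{netbios_name.upper()}", f"HOST/{RESOLVER_FQDN}"]
    dns_host_name, from_config = names_from_config(netbios_name, realm)
    return {
        "dns_host_name": dns_host_name,
        "resolver_conflicts": spn_conflicts(from_resolver, DIRECTORY, account),
        "config_conflicts": spn_conflicts(from_config, DIRECTORY, account),
    }


if __name__ == "__main__":
    print(compare())
```

The same conflict check can be pointed at a real export of servicePrincipalName values before a join to see which candidate names are already taken.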

