[Samba] Joining an AD domain when hostname != netbios name

Jonathan Barber jonathan.barber at gmail.com
Thu Jun 17 09:08:40 MDT 2010


I'm trying to join a RHEL5 host to an AD domain, and can do this
successfully when I set the hostname to the same value as the samba
"netbios name" parameter. However, when I try with a hostname !=
netbios name, it fails. Is it possible to join a machine when the
hostname isn't the same as the netbios name?

The reason for wanting this is because I have a whole load of servers
with hostnames > 15 characters in length and changing the hostname
isn't realistic.

Details as follows:
# hostname
yet-another-joining-test

# hostname -f
yet-another-joining-test.ptin.corppt.com

# hostname -s
yet-another-joining-test

# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.112.28.54 yet-another-joining-test.ptin.corppt.com yet-another-joining-test

# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
[global]
  workgroup = PTIN
  realm = PTIN.CORPPT.com
  netbios name = YETANOTHERTEST1
  security = ADS

# net ads join -U x01024
x01024's password:
Using short domain name -- PTIN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Failed to disable machine account for 'YETANOTHERTEST1' in realm
'PTIN.CORPPT.COM'
Failed to disable machine account in AD.  Please do so manually.
Failed to join domain: Type or value exists

This creates the entry for the machine in AD ("net ads status" shows
it) but doesn't populate the dNSHostName or servicePrincipalName
attributes.

Running "net ads join" with "-d 10" shows:
  name_to_fqdn(): lookup for YETANOTHERTEST1 failed

If I add the netbios name to my /etc/hosts then name_to_fqdn()
succeeds and returns the FQDN - but the join still fails with the same
message. If I run wireshark during an attempted join, then I can see
that an ldapmodify operation on the existing machine entry is failing
with a constraintViolation on the dNSHostName attribute.

If I then change the hostname to "yetanothertest1" and update /etc/hosts to:
# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.112.28.54 yetanothertest1.ptin.corppt.com yetanothertest1

then the join works and the entry has the dNSHostName attribute
populated with the netbios name. If I then change the hostname back to
the longer version and revert /etc/hosts, then I can join again - but
it always uses the netbios name as the hostname and seems to be
resolving the hostname via AD.

The OS is x86_64 RHEL5.4 and samba from the RPM
samba-common-3.0.33-3.14.el5, winbind is not running when I try to
join.

So, am I doing something wrong, or is it not possible?

Many thanks.
--
Jonathan Barber <jonathan.barber at gmail.com>
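
A pre-join consistency check for the situation described above, added here as an example; it is not part of the original post or of Samba. It assumes the directory rejects a dNSHostName that is not `<machine account name>.<AD DNS domain>`, which the post does not confirm, and `check_join` and its finding labels are hypothetical names.

```shell
#!/bin/sh
# Added example: compare the host's FQDN with the Samba "netbios name" and
# "realm" before running "net ads join". Values are passed as arguments so the
# check runs offline; on a real host they would come from `hostname -f` and
# `testparm -s`, as in the post.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_join FQDN NETBIOS_NAME REALM
# Prints one finding per line, or "OK" when nothing is flagged.
check_join() {
    fqdn=$(lower "$1"); nb=$(lower "$2"); realm=$(lower "$3")
    short=${fqdn%%.*}
    case $fqdn in
        *.*) domain=${fqdn#*.} ;;
        *)   domain= ;;                 # hostname -f returned no DNS domain
    esac
    ok=1
    # NetBIOS names are limited to 15 characters.
    if [ "${#nb}" -gt 15 ]; then
        echo "NETBIOS_TOO_LONG $nb"; ok=0
    fi
    # The join output asks that the server's DNS domain match the AD domain.
    if [ "$domain" != "$realm" ]; then
        echo "DOMAIN_MISMATCH $domain != $realm"; ok=0
    fi
    # Assumption: dNSHostName must be <machine account name>.<AD DNS domain>,
    # so a short hostname that differs from the netbios name is flagged.
    if [ "$short" != "$nb" ]; then
        echo "NAME_MISMATCH host=$fqdn expected=$nb.$realm"; ok=0
    fi
    if [ "$ok" -eq 1 ]; then
        echo "OK"
    fi
    return 0
}

# Inputs constructed from the values shown in the post.
check_join yet-another-joining-test.ptin.corppt.com YETANOTHERTEST1 PTIN.CORPPT.com
check_join yetanothertest1.ptin.corppt.com YETANOTHERTEST1 PTIN.CORPPT.com
```

The first call reports NAME_MISMATCH, matching the failing configuration in the post; the second prints OK, matching the configuration where the join succeeded.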

