[Samba] Problems after PC is joined to the domain - Samba 4

L.P.H. van Belle belle at bazuin.nl
Mon Jun 2 06:49:53 MDT 2014


>> # hostname -d
>> dom.forest.int
>> 
>> # domainname
>> (none)

domainname   ( looks in kernel info ) 
hostname -d  ( is from resolving subsystems ) 	 

2 different things, read on, this is good info about this subject. 


The primary source of confusion seems to be the distinction between 
the hostname and the domain name which are set and determined in different ways, not simultaneously.

The kernel maintains the current hostname which is set (in a distribution-specific way) at boot time 
and can be changed on the fly. 
The domain name is determined by the resolver system, usually from the static hosts database (/etc/hosts) or via DNS.


The kernel maintains the current (unqualified) hostname of the system.
Here are a few of the numerous ways to obtain it:
hostname
uname -n
cat /proc/sys/kernel/hostname
sysctl kernel.hostname

The hostname can be changed temporarily by running
hostname MyTempHostName

Each distribution has a script that runs at boot time which sets the hostname. 
The way to change the hostname permanently thus differs by distribution.

-  Debian has an init script, /etc/init.d/hostname.sh, which is called at boot time and sets the hostname 
   to what is given in /etc/hostname. To change the hostname, place only the unqualified hostname (e.g., MyTempHostName) 
   in /etc/hostname and run sudo /etc/init.d/hostname.sh.

- Ubuntu, like Debian, also uses /etc/hostname, but to update the hostname after making a change, 
  run sudo service hostname start.

As of Ubuntu 14.XX it is allowed to put the hostname.domain.tld in /etc/hostname 
(for Debian I did not look this up).


The domain name is distinct from the hostname and is determined by the resolver subsystem.
The current FQDN of the system can be found as follows:
hostname -f        MyTempHostName.example.com

To obtain this information the system first asks for the hostname: MyTempHostName
Then it asks for the IP address of MyTempHostName (example: 192.168.1.111)
Finally, it asks for the full hostname and domain that correspond to the IP address 192.168.1.111

Here the man page for hostname also says,
in the case of hostname -f:

A FQDN consists of a short host name and the DNS domain name. 
Unless you are using bind or NIS for host lookups you can change the FQDN and 
the DNS domain name (which is part of the FQDN) in the /etc/hosts file.




Greetz, 

Louis


>-----Original message-----
>From: steve at steve-ss.com [mailto:samba-bounces at lists.samba.org] On behalf of steve
>Sent: Monday 2 June 2014 14:06
>To: Theodotos Andreou
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Problems after PC is joined to the domain - Samba 4
>
>On Mon, 2014-06-02 at 08:24 +0300, Theodotos Andreou wrote:
>> On 05/30/2014 02:40 PM, steve wrote:
>> > On Fri, 2014-05-30 at 14:08 +0300, Theodotos Andreou wrote:
>> >> On 05/30/2014 01:53 PM, steve wrote:
>> >>> On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
>> >>>> Hello SAMBA community,
>> >>>>
>> >>>> I used this guide to join a PC to the domain as member using samba 4:
>> >>>> https://wiki.samba.org/index.php/Samba4/Domain_Member
>> >>>>
>> >>>> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
>> >>>> stock samba version is:
>> >>>>
>> >>>> # samba --version
>> >>>> Version 4.1.6-Ubuntu
>> >>>>
>> >>>> When I tried to join the PC to the domain I got:
>> >>>>
>> >>>> # net ads join -U admin
>> >>>> kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
>> >>>> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
>> >>>>
>> >>>> Nevertheless the PC was joined to the domain despite the above error and I
>> >>>> proceeded with the following steps. But when I try to list the users
>> >>>> using 'wbinfo -u' I get some strange behavior. The command takes too
>> >>>> long to complete and it then gives:
>> >>>>
>> >>>> # wbinfo -u --verbose
>> >>>> FOREST\usbms_somepcname
>> >>>>
>> >>>> The second time I run the command it takes again too long but it gives
>> >>>> out the complete list of AD users. But when I try to login as a
>> >>>> particular user though I get:
>> >>>>
>> >>>> # su - myusername
>> >>>> No passwd entry for user 'myusername'
>> >>>> # id myusername
>> >>>> id: myusername: no such user
>> >>>>
>> >>>> This is my smb.conf:
>> >>>>
>> >>>> # cat /etc/samba/smb.conf
>> >>>>     [global]
>> >>>>
>> >>>>       netbios name = MYPCNAME
>> >>>>       workgroup = DOM
>> >>>>       security = ADS
>> >>>>       realm = DOM.FOREST.INT
>> >>>>       encrypt passwords = yes
>> >>> Hi
>> >>> try:
>> >>> add
>> >>> kerberos method = system keytab
>> >>> to [global]
>> >>> and issue:
>> >>> net ads keytab create -Uadmin
>> >>> (ru sure admin has sufficient privs to add machines?)?
>> >>>
>> >>>
>> >> I added that line and it gives:
>> >>
>> >> # net ads keytab create -U 'DOM\admin'
>> >> Enter DOM\admin's password:
>> >> kerberos_kinit_password DOM\admin at DOM..INT failed: Client not found in Kerberos database
>> >> kerberos_kinit_password DOM\admin at LIM.TEPAK.INT failed: Client not found in Kerberos database
>> >>
>> >> After omitting 'DOM\' from the username it gives:
>> >>
>> >> # net ads keytab create -U 'admin'
>> >> Enter admin's password:
>> >> ads_get_dnshostname: No dNSHostName attribute!
>> >> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
>> >>
>> >> I have changed the true username and domain name for reasons of paranoia
>> >> :) but I am certain that the user I use is a domain admin.
>> > DNS on Ubuntu:
>> > 
>> > http://linuxcostablanca.blogspot.com.es/2014/05/dns-good-enough-for-kerberos.html
>> >
>> >
>> Ok now I have this configuration:
>> 
>> # grep 127 /etc//hosts
>> 127.0.0.1       localhost
>> 127.0.1.1       MYPCNAME.dom.forest.int MYPCNAME
>> 
>> and this:
>> 
>> # cat /etc/hostname
>> MYPCNAME
>> 
>> Testing:
>> 
>> # hostname -d
>> dom.forest.int
>> 
>> # domainname
>> (none)
>> 
>> I have no idea why domainname gives different results than hostname -d
>
>It is because you have ignored the information in the link which you
>quote.
> 
>> 
>> The PC name resolves correctly on DNS:
>> 
>> # host MYPCNAME.dom.forest.int
>> MYPCNAME.dom.forest.int has address 10.10.10.156
>> 
>> The problem persists:
>> 
>> # net ads keytab create -U admin
>> Enter admin's password:
>> ads_get_dnshostname: No dNSHostName attribute!
>> ../source3/libads/kerberos_keytab.c:328: unable to determine machine account's dns name in AD!
>
>Of course it can't. Try again. Same link as before, but this time follow
>it correctly.
>HTH
>Steve
>
>
>
>
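
The lookup described at the top of this message, as an added example that is not part of the original post or of Samba: a shell model of the /etc/hosts ("files") step behind hostname -f and hostname -d, showing that the first name on the matching line becomes the FQDN. The function names canonical_name and dns_domain and the second (swapped) sample file are assumptions made for illustration; DNS and NIS are not consulted.

```sh
#!/bin/sh
# Added example: simplified model of the /etc/hosts ("files") lookup behind
# `hostname -f` and `hostname -d`. DNS and NIS are not consulted.

# canonical_name HOSTS_FILE NAME
# Print the first name on the first line that lists NAME (case-insensitive),
# i.e. the canonical name the resolver hands back for NAME.
canonical_name() {
    awk -v want="$2" '
        { sub(/#.*/, "") }            # strip comments
        NF < 2 { next }               # need an address and at least one name
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; exit }
        }' "$1"
}

# dns_domain HOSTS_FILE NAME
# Print the part of the canonical name after the first dot (empty if none).
dns_domain() {
    fqdn=$(canonical_name "$1" "$2")
    case "$fqdn" in
        *.*) printf '%s\n' "${fqdn#*.}" ;;
        *)   printf '\n' ;;
    esac
}

# Constructed sample files: the first matches the /etc/hosts quoted in the
# thread, the second swaps the names so the short name comes first.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
good="$tmp/hosts.fqdn-first"
bad="$tmp/hosts.short-first"
printf '127.0.0.1 localhost\n127.0.1.1 MYPCNAME.dom.forest.int MYPCNAME\n' > "$good"
printf '127.0.0.1 localhost\n127.0.1.1 MYPCNAME MYPCNAME.dom.forest.int\n' > "$bad"

for f in "$good" "$bad"; do
    printf '%s: fqdn=%s domain=%s\n' "${f##*/}" \
        "$(canonical_name "$f" MYPCNAME)" "$(dns_domain "$f" MYPCNAME)"
done
```

With the short name listed first, the canonical name has no dot, so the derived DNS domain is empty even though the FQDN appears later on the same line.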


