[Samba] Samba ADS-member-server: FQDNs in /etc/hosts

Stefan G. Weichinger lists at xunil.at
Mon Jul 10 09:45:31 UTC 2017


(new thread, same migration project)

I see GPOs applied, but network drives sometimes mapped, sometimes not.

Found something around hardened UNC paths, applied some GPO, dunno if
that is necessary or helps (I still have to check where to apply that
GPO, computer or user ...).

While debugging that I find in log.smbd on the member server:

[2017/07/10 11:22:20.290018,  1] ../source3/lib/util.c:1974(name_to_fqdn)
  WARNING: your /etc/hosts file may be broken!
      Full qualified domain names (FQDNs) should not be specified
      as an alias in /etc/hosts. FQDN should be the first name
      prior to any aliases.
[2017/07/10 11:23:15.561739,  1] ../source3/lib/util.c:1974(name_to_fqdn)
  WARNING: your /etc/hosts file may be broken!
      Full qualified domain names (FQDNs) should not be specified
      as an alias in /etc/hosts. FQDN should be the first name
      prior to any aliases.
[2017/07/10 11:23:15.602520,  1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-2940660672-4062535256-4144655499-1031 -> getpwuid(11031) failed
[2017/07/10 11:23:15.602534,  1] ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)
  Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)


Yes, I have FQDNs in /etc/hosts and I *really* hesitate to edit these
right now when so far most things work.

I paste my /etc/hosts and ask for hints.

pre01svdeb01 = member server
pre01svbmd01 = a Windows server (member)
pre01svdeb02 = samba ADS DC, not even listed here (192.168.16.205)

->

127.0.0.1       localhost
127.0.1.1       pre01svdeb01.my.tld     pre01svdeb01

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.16.111 ipfire.my.tld ipfire
192.168.16.203 backup backup.my.tld dc.my.tld dc
192.168.16.226 server-bmd.my.tld server-bmd

192.168.16.230  pre01svbmd01

Step2: understood and fixed something:

dc-entry was wrong!

krb5.conf points to dc.my.tld ... was wrong IP.

fixed

Now I can look up that mentioned SID from both servers. Good, right?
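
Added example, not part of the original post and not Samba code: a check for the rule quoted in the log warning above (the FQDN should be the first name, prior to any aliases), run over the hosts entries pasted in the post. The function names check_hosts_fqdn and sample_hosts are hypothetical.

```shell
#!/bin/sh
# Flag hosts-file entries whose first name is a short name while a dotted
# name (FQDN) appears later on the same line as an alias.
# check_hosts_fqdn and sample_hosts are hypothetical names for this example.

check_hosts_fqdn() {
    # $1: hosts-format file, or "-" (default) to read stdin.
    # Prints one line per finding; returns 1 if anything was flagged.
    awk '
        {
            sub(/#.*/, "")                  # drop comments; fields are re-split
            if (NF < 2) next                # blank line or address only
            if (index($2, ".") > 0) next    # first name is already dotted
            for (i = 3; i <= NF; i++) {
                if (index($i, ".") > 0) {
                    printf "%d: %s first=%s fqdn_alias=%s\n", NR, $1, $2, $i
                    bad = 1
                    break
                }
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

sample_hosts() {
    # The /etc/hosts content as pasted in the post above.
    cat <<'EOF'
127.0.0.1       localhost
127.0.1.1       pre01svdeb01.my.tld     pre01svdeb01

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.16.111 ipfire.my.tld ipfire
192.168.16.203 backup backup.my.tld dc.my.tld dc
192.168.16.226 server-bmd.my.tld server-bmd

192.168.16.230  pre01svbmd01
EOF
}

# Demo run; "|| true" because a finding makes the function return 1.
sample_hosts | check_hosts_fqdn - || true
```

On a live system, pass the file path instead: check_hosts_fqdn /etc/hosts. Entries with only a short name, such as the pre01svbmd01 line, are not flagged because the check only looks for an FQDN placed after a short name.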
