[Samba] Samba ADS-member-server: FQDNs in /etc/hosts
Rowland Penny
rpenny at samba.org
Mon Jul 10 10:08:08 UTC 2017
On Mon, 10 Jul 2017 11:45:31 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
> (new thread, same migration project)
>
> I see GPOs applied, but network drives sometimes mapped, sometimes
> not.
>
> Found something around hardened UNC paths, applied some GPO, dunno if
> that is necessary or helps (I still have to check where to apply that
> GPO, computer or user ...).
>
> While debugging that I find in log.smbd on the member server:
>
> [2017/07/10 11:22:20.290018,
> 1] ../source3/lib/util.c:1974(name_to_fqdn) WARNING: your /etc/hosts
> file may be broken! Full qualified domain names (FQDNs) should not be
> specified as an alias in /etc/hosts. FQDN should be the first name
> prior to any aliases.
> [2017/07/10 11:23:15.561739,
> 1] ../source3/lib/util.c:1974(name_to_fqdn) WARNING: your /etc/hosts
> file may be broken! Full qualified domain names (FQDNs) should not be
> specified as an alias in /etc/hosts. FQDN should be the first name
> prior to any aliases.
> [2017/07/10 11:23:15.602520, 1]
> ../source3/auth/token_util.c:430(add_local_groups)
> SID S-1-5-21-2940660672-4062535256-4144655499-1031 ->
> getpwuid(11031) failed
> [2017/07/10 11:23:15.602534, 1]
> ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)
> Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
>
>
> Yes, I have FQDNs in /etc/hosts and I *really* hesitate to edit these
> right now when so far most of things work.
>
> I paste my /etc/hosts and ask for hints.
>
> pre01svdeb01 = member server
> pre01svbmd01 = a windows server (member)
> pre01svdeb02 = samba ADS DC, not even listed here (192.168.16.205)
>
> ->
>
> 127.0.0.1 localhost
> 127.0.1.1 pre01svdeb01.my.tld pre01svdeb01
>
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> 192.168.16.111 ipfire.my.tld ipfire
> 192.168.16.203 backup backup.my.tld dc.my.tld dc
> 192.168.16.226 server-bmd.my.tld server-bmd
>
> 192.168.16.230 pre01svbmd01

I would change /etc/hosts to this:

127.0.0.1 localhost
127.0.1.1 pre01svdeb01.my.tld pre01svdeb01
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

But replace '127.0.0.1' with the real IP address of pre01svdeb01.my.tld
if it has a fixed IP; if it hasn't, you can remove the entire line.

You don't need anything else, the DNS provided by your AD DC should
provide everything else.

>
> Step2: understood and fixed something:
>
> dc-entry was wrong!
>
> krb5.conf points to dc.my.tld ... was wrong IP.
>
> fixed

Probably not, /etc/krb5.conf should only contain something like this:

[libdefaults]
    default_realm = MY.TLD
    dns_lookup_realm = false
    dns_lookup_kdc = true

Rowland

>
> Now I can look up that mentioned SID from both servers. Good, right?
>
>
>
>
>
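
An added example, not part of the original thread and not Samba code: a small audit of an /etc/hosts file for the condition the log.smbd warning describes (an FQDN given as an alias after a short name) and for the machine's own FQDN sitting on a loopback address, which the reply suggests replacing with the real IP. The sample is the file as pasted in the quoted message; the function names and the own_fqdn parameter are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the /etc/hosts entries as pasted in the quoted message.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 pre01svdeb01.my.tld pre01svdeb01

::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.16.111 ipfire.my.tld ipfire
192.168.16.203 backup backup.my.tld dc.my.tld dc
192.168.16.226 server-bmd.my.tld server-bmd

192.168.16.230 pre01svbmd01
"""

def parse_hosts(text):
    """Yield (lineno, address, names) for each entry, skipping comments and blanks."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a hosts entry
        yield lineno, addr, fields[1:]

def audit_hosts(text, own_fqdn=None):
    """Return (lineno, issue) tuples; own_fqdn (hypothetical) is this machine's FQDN."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        canonical, aliases = names[0], names[1:]
        dotted = [a for a in aliases if "." in a]
        # The warning's rule: the FQDN must come first, before any aliases.
        if "." not in canonical and dotted:
            findings.append((lineno, f"FQDN after short name {canonical!r}: {', '.join(dotted)}"))
        if own_fqdn and addr.is_loopback and own_fqdn.lower() in (n.lower() for n in names):
            findings.append((lineno, f"{own_fqdn} is bound to loopback address {addr}"))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit_hosts(SAMPLE_HOSTS, own_fqdn="pre01svdeb01.my.tld"):
        print(f"line {lineno}: {issue}")
```

Run against the pasted file, the alias check flags only the 192.168.16.203 entry, where "backup" precedes backup.my.tld and dc.my.tld.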