[Samba] Samba ADS-member-server: FQDNs in /etc/hosts

Rowland Penny rpenny at samba.org
Mon Jul 10 10:08:08 UTC 2017


On Mon, 10 Jul 2017 11:45:31 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> 
> (new thread, same migration project)
> 
> I see GPOs applied, but network drives sometimes mapped, sometimes
> not.
> 
> Found something around hardened UNC paths, applied some GPO, dunno if
> that is necessary or helps (I still have to check where to apply that
> GPO, computer or user ...).
> 
> While debugging that I find in log.smbd on the member server:
> 
> [2017/07/10 11:22:20.290018,
> 1] ../source3/lib/util.c:1974(name_to_fqdn) WARNING: your /etc/hosts
> file may be broken! Full qualified domain names (FQDNs) should not be
> specified as an alias in /etc/hosts. FQDN should be the first name
>       prior to any aliases.
> [2017/07/10 11:23:15.561739,
> 1] ../source3/lib/util.c:1974(name_to_fqdn) WARNING: your /etc/hosts
> file may be broken! Full qualified domain names (FQDNs) should not be
> specified as an alias in /etc/hosts. FQDN should be the first name
>       prior to any aliases.
> [2017/07/10 11:23:15.602520,  1]
> ../source3/auth/token_util.c:430(add_local_groups)
>   SID S-1-5-21-2940660672-4062535256-4144655499-1031 ->
> getpwuid(11031) failed
> [2017/07/10 11:23:15.602534,  1]
> ../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)
>   Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
> 
> 
> Yes, I have FQDNs in /etc/hosts and I *really* hesitate to edit these
> right now when so far most of things work.
> 
> I paste my /etc/hosts and ask for hints.
> 
> pre01svdeb01 = member server
> pre01svbmd01 = a windows server (member)
> pre01svdeb02 = samba ADS DC, not even listed here (192.168.16.205)
> 
> ->
> 
> 127.0.0.1       localhost
> 127.0.1.1       pre01svdeb01.my.tld     pre01svdeb01
> 
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> 192.168.16.111 ipfire.my.tld ipfire
> 192.168.16.203 backup backup.my.tld dc.my.tld dc
> 192.168.16.226 server-bmd.my.tld server-bmd
> 
> 192.168.16.230  pre01svbmd01

I would change /etc/hosts to this:

127.0.0.1       localhost
127.0.1.1       pre01svdeb01.my.tld     pre01svdeb01

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

But replace '127.0.0.1' with the real IP address of pre01svdeb01.my.tld
if it has a fixed IP; if it hasn't, you can remove the entire line.
You don't need anything else, the DNS provided by your AD DC should
provide everything else.

> 
> Step2: understood and fixed something:
> 
> dc-entry was wrong!
> 
> krb5.conf points to dc.my.tld ... was wrong IP.
> 
> fixed

Probably not, /etc/krb5.conf should only contain something like this:

[libdefaults]
    default_realm = MY.TLD
    dns_lookup_realm = false
    dns_lookup_kdc = true

Rowland
> 
> Now I can look up that mentioned SID from both servers. Good, right?
> 
> 
> 
> 
> 
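
An added example, not part of the original thread and not Samba's own code: a small audit of a hosts file for the layout the name_to_fqdn warning describes (an FQDN listed only as an alias after a short name), plus the reply's suggestion that the member server's own name should not sit on a loopback address. The sample data is constructed from the hosts file quoted above; the function names and finding codes are assumptions made for this example.

```python
import ipaddress

# Constructed sample modelled on the hosts file quoted in this thread.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.1.1       pre01svdeb01.my.tld     pre01svdeb01
::1     localhost ip6-localhost ip6-loopback
192.168.16.111 ipfire.my.tld ipfire
192.168.16.203 backup backup.my.tld dc.my.tld dc   # FQDN after a short name
192.168.16.230  pre01svbmd01
"""

def parse_hosts(text):
    """Yield (lineno, address, [names]) for each usable hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue  # first field is not an IP address
        yield lineno, addr, fields[1:]

def audit_hosts(text, hostname=None):
    """Return a list of (lineno, code, message) findings.

    FQDN_AS_ALIAS:    the first (canonical) name has no dot but a later alias
                      does, the layout the log warning complains about.
    HOST_ON_LOOPBACK: `hostname` (short name, hypothetical parameter) is bound
                      to a loopback address; the reply suggests the real IP.
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        canonical, aliases = names[0], names[1:]
        fqdn_aliases = [a for a in aliases if "." in a]
        if "." not in canonical and fqdn_aliases:
            findings.append((lineno, "FQDN_AS_ALIAS",
                             f"{canonical!r} precedes {fqdn_aliases[0]!r}"))
        if hostname and addr.is_loopback:
            short = [n.split(".")[0].lower() for n in names]
            if hostname.lower() in short:
                findings.append((lineno, "HOST_ON_LOOPBACK",
                                 f"{hostname!r} resolves to {addr}"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, hostname="pre01svdeb01"):
        print(*finding)
```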



