[Samba] adding netbios name stops getent from working

Jason Keltz jas at eecs.yorku.ca
Thu Apr 15 20:28:40 UTC 2021


Hi Louis,

I only had to add the proper SPN and it worked...

Thanks!

Jason.

On 4/15/2021 3:23 AM, L.P.H. van Belle via samba wrote:
> Good morning People around the world.
>
> Now, even if you don't have netbios name set in smb.conf,
> the defaults are that it's using the system's hostname, so don't change that.
> And this is why I show this "default" setting in my config.
> Using the netbios alias, never do that really, and netbios uses NMBD,
> which we shouldn't use anyway.
>
> Basically it always comes back to these things.
> Does the server have the correct IP and is the PTR record set?
> And is the search domain the same as the primary DNS zone?
> The last applies for servers and clients.
>
> PTR, should be there and always checked, and I recommend it for all servers
> to have it; with the PTR, the CNAMEs keep working, because the CNAME points
> back to the "real" hostname/PTR records.
>
> If you set it up like that,
> you can use \\servername \\aliasname\ \\servername.fqdn\ \\alias.fqdn\
>
> But, side note, it's recommended to use the FQDN.
> For example, a fileserver, I set the resolving up like this.
>
> hostname.internal.dom.tld.	A	192.168.0.1
> 1.0.168.192.in-addr.arpa.	PTR	hostname.internal.dom.tld.
> file1.internal.dom.tld.	CNAME	hostname.internal.dom.tld.
>
> If it's also a print server:
> ptr1.internal.dom.tld		CNAME hostname.internal.dom.tld.
>
> If it's also a proxy server:
> prx1.internal.dom.tld		CNAME hostname.internal.dom.tld.
>
> For AD-DCs, think in NTP, DNS, what can be used for CNAMEs.
>
> And in scripts, settings, GPOs etc. etc. I use the alias name in FQDN.
> Saves time when I need to replace a server or move a function/service to
> another server and, set up like this, Kerberos keeps working.
> Only thing sometimes needed is adding an alias name (UPN/SPN) in the keytab file.
>
> I hope this was useful for you and gave some ideas.
>
> So, Jason, my guess in your case, add the PTR.  ;-)
> If you already have the PTR set, then something is off, then post:
>
> dig a $(hostname -f)|grep A
>
> And yes, this next line is one line..
>
> dig -x $(dig a $(hostname -f)|grep A|awk '{ print $NF }' \
>   |grep $(hostname -i))
>
> /etc/hosts
> /etc/resolv.conf
> /etc/krb5.conf
>
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jason Keltz via
>> samba
>> Sent: Wednesday, 14 April 2021 19:58
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] adding netbios name stops getent from working
>>
>>
>> On 4/14/2021 1:53 PM, Rowland penny via samba wrote:
>>> On 14/04/2021 18:12, Jason Keltz via samba wrote:
>>>> On 4/14/2021 12:37 PM, Rowland penny via samba wrote:
>>>>> On 14/04/2021 17:29, Jason Keltz via samba wrote:
>>>>>> Hi.
>>>>>>
>>>>>> I have a Samba file server which is part of an AD domain.  I can
>>>>>> ssh to the server using my AD username/password.  I can also mount
>>>>>> my home directory under Windows.  Everything works as I expect.
>>>>>> However, I need to give the server an alias.  If I use "netbios
>>>>>> name" to set that alias in smb.conf, then "getent passwd <user>"
>>>>>> stops working, and I can no longer login. Why is that?
>>>>>>
>>>>>> Jason.
>>>>>>
>>>>>>
>>>>> It would be 'netbios alias' except that would require SMBv1 and you
>>>>> probably have it turned off, not to mention that AD uses dns instead
>>>>> of netbios.
>>>>>
>>>>> Why do you 'need' to give it an alias?
>>>>>
>>>>> If you must give it an alias, do a search on 'CNAME'
>>>> Hi Rowland!
>>>>
>>>> I have always used an "alias" (netbios name) so that if I need to
>>>> rebuild the server with a new name (say, during an upgrade), the user
>>>> doesn't need to change any of their mounts. The server can be called
>>>> "abcd" and changed to "efgh", but if the user knows to always mount
>>>> their home directory as say, "\\fileserver\homes", then it will
>>>> always work no matter what I change the physical server name to.
>>>>
>>>> I already have the CNAME.  I tried that.  Under Windows, I'm logged
>>>> into the AD domain.  If I try to mount from \\fileserver\homes, then
>>>> I get asked for my username and password, and the mount fails.  On
>>>> the other hand, if I try to mount from say,
>>>> \\fileserver.full.domain\homes, it works.  I don't even need to
>>>> "re-enter" my username and password as would be expected.  When I do
>>>> an nslookup of just "fileserver", that works.  The fact that the
>>>> login box comes up probably means it has contacted the host. It's
>>>> just not clear why I can't login without specifying the full path.
>>>>
>>>> Jason.
>>>>
>>>>
>>> Louis could probably explain it better than I, but it seems that
>>> Windows is moving towards using FQDNs instead of short hostnames.
>>> Other tools may, and apparently do, work differently, just because
>>> 'nslookup' will work with a short hostname, does not mean Windows
>>> tools will.
>> Hi Rowland,
>>
>> The interesting thing is that \\name-of-server-without-domain works, but
>> \\alias-of-server-without-domain doesn't.  As you said, maybe Louis has
>> some ideas.
>>
>> Thanks!
>>
>> Jason.
>>
>>
>
>
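
The two points this thread converges on, forward and reverse DNS that agree for the real hostname behind a CNAME, and an SPN for the alias, can be checked together. The following is an added example, not part of the thread or of Samba: it parses constructed records in Louis's layout, verifies the alias -> A -> PTR chain, and lists the SPNs to expect for each alias. The second host (`newbox`, `file2`) and the `cifs` service class are assumptions made for illustration.

```python
import ipaddress

# Constructed sample records in the thread's layout (name, type, value).
# "newbox" and "file2" are hypothetical: a second host that lacks its PTR.
RECORDS = """
hostname.internal.dom.tld.  A      192.168.0.1
1.0.168.192.in-addr.arpa.   PTR    hostname.internal.dom.tld.
file1.internal.dom.tld.     CNAME  hostname.internal.dom.tld.
newbox.internal.dom.tld.    A      192.168.0.2
file2.internal.dom.tld.     CNAME  newbox.internal.dom.tld.
"""

def parse(text):
    """Index records by type, e.g. zone['CNAME'][alias] -> target."""
    zone = {"A": {}, "PTR": {}, "CNAME": {}}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].upper() in zone:
            name, rtype, value = (f.lower().rstrip(".") for f in fields)
            zone[rtype.upper()][name] = value
    return zone

def check_alias(zone, alias, service="cifs"):
    """Return (problems, spns) for one CNAME alias.

    problems: breaks in the chain alias -> CNAME -> A -> PTR -> same host.
    spns: names the machine account / keytab should carry for the alias.
    The "cifs" service class is an assumption (an SMB file-server alias).
    """
    alias = alias.lower().rstrip(".")
    target = zone["CNAME"].get(alias)
    if target is None:
        return [f"{alias}: no CNAME record"], []
    ip = zone["A"].get(target)
    if ip is None:
        return [f"{alias}: CNAME target {target} has no A record"], []
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    ptr = zone["PTR"].get(ptr_name)
    problems = []
    if ptr is None:
        problems.append(f"{alias}: {ip} has no PTR record ({ptr_name})")
    elif ptr != target:
        problems.append(f"{alias}: PTR for {ip} is {ptr}, expected {target}")
    spns = [f"{service}/{alias}", f"{service}/{alias.split('.')[0]}"]
    return problems, spns

if __name__ == "__main__":
    zone = parse(RECORDS)
    for alias in zone["CNAME"]:
        print(alias, *check_alias(zone, alias))
```

Comparing the returned SPN list with what is actually registered on the server's machine account shows whether the short alias, the FQDN alias, or both are missing.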


