[Authentication] Command `realm join` fails to register DNS, it is trying to cut DNS hostname when it is bigger than 15 chars.

Stef Walter stefw at gnome.org
Tue Oct 7 02:07:35 PDT 2014


On 06.10.2014 21:45, Martinx - ジェームズ wrote:
> Hello!
> 
> I figured out a way to achieve what I need. Unfortunately, Realmd is not
> ready for prime time. For huge networks, for example, with Disjoint
> Namespaces, lots of DNS sub-domains, and with machines that share the
> same hostname, but on different forward zones, then, Realmd can not be
> used (or at least, it is very hard to use it).
> 
> So, how did I "fix" it?
> 
> First, I transformed the obsolete "netbios name" in some kind of ID,
> like this:
> 
> * "ubuntu-desk-1.office.domain.com" has its netbios name equal to
> "ubuntu-d-dae34".
> * "ubuntu-desk-1.sp.domain.com" has its netbios name equal to
> "ubuntu-d-fsd5h".
> 
> Then:
> 
> sudo apt-get remove realmd
> 
> Write at /etc/hosts:
> 
> 172.16.10.10 ubuntu-desk-1.office.domain.com ubuntu-desk-1 ubuntu-d-dae34
> 
> Write at the /etc/samba/smb.conf the following line:
> 
> netbios name = ubuntu-d-dae34
> ---
> 
> This way, I can run: "net ads join" that my machine will get 2 "names",
> first is DNS, heavily used, the second is the NetBIOS (obsolete, used
> just to join into the domain). NetBIOS is disabled in my network, no WINS.
> 
> So, I can have "ubuntu-desk-1" both in "*.office.domain.com" and
> "*.sp.domain.com", each one with its own netbios name but, same
> hostname (different domain).
> 
> I came to the conclusion that realmd is not ready for large networks.
> 
> Please, let me know when realmd has support for selecting a different
> netbios name. Also, realmd should NOT cut the DNS, at 15 char, before
> trying to register it. This is ugly, Realmd should not touch DNS
> hostname, ever.

Interesting. Well, we certainly never look at the DNS host name. We call
gethostname() for a FQDN, but don't look up anything in DNS.

We could add a --computer-account="name" argument to 'realm join' for
explicitly specifying the account name (ie: the "NETBIOS" name you're
talking about above).

Would that fix your issue? If so, could you file a bug here?

https://bugs.freedesktop.org/enter_bug.cgi?product=realmd

Stef
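
Added example, not part of either message and not realmd code: a pre-join check that finds hosts whose 15-character account names would clash across forward zones, then assigns each FQDN a unique name in the "ubuntu-d-dae34" shape used in the quoted workaround. The thread does not say how those suffixes were chosen, so the SHA-256 suffix, the function names and the two "ubuntu-desktop-lab" hosts are assumptions made for this example.

```python
import hashlib
from collections import defaultdict

NETBIOS_MAX = 15  # a NetBIOS computer name holds at most 15 characters

# Constructed inventory: the first two FQDNs are from the thread, the rest are made up.
HOSTS = [
    "ubuntu-desk-1.office.domain.com",
    "ubuntu-desk-1.sp.domain.com",
    "ubuntu-desktop-lab-01.office.domain.com",
    "ubuntu-desktop-lab-02.office.domain.com",
]

def short_name(fqdn):
    return fqdn.split(".", 1)[0].lower()

def truncated_name(fqdn):
    """Account name obtained by cutting the short host name at 15 characters."""
    return short_name(fqdn)[:NETBIOS_MAX].upper()

def find_collisions(fqdns):
    """Return {truncated name: [fqdns]} for names claimed by more than one host."""
    seen = defaultdict(list)
    for fqdn in fqdns:
        seen[truncated_name(fqdn)].append(fqdn)
    return {name: hosts for name, hosts in seen.items() if len(hosts) > 1}

def assign_names(fqdns, prefix_len=8, suffix_len=5):
    """Assumed scheme: 8-char prefix + '-' + 5 hex chars of SHA-256 over the FQDN."""
    assigned, used = {}, set()
    for fqdn in sorted({f.lower() for f in fqdns}):
        salt = 0
        while True:  # re-salt if two shortened digests coincide within the batch
            digest = hashlib.sha256(f"{fqdn}#{salt}".encode()).hexdigest()
            name = f"{short_name(fqdn)[:prefix_len]}-{digest[:suffix_len]}"
            if name not in used:
                break
            salt += 1
        used.add(name)
        assigned[fqdn] = name
    return assigned

def render(ip, fqdn, name):
    """Lines for /etc/hosts and /etc/samba/smb.conf, in the form shown in the post."""
    return f"{ip} {fqdn} {short_name(fqdn)} {name}", f"netbios name = {name}"

if __name__ == "__main__":
    print(find_collisions(HOSTS))
    print(assign_names(HOSTS))
```

The assignment is only unique within the list it is given, so the whole inventory has to be passed in one call and the result recorded before any machine is joined.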


