[Authentication] Command `realm join` fails to register DNS, it is trying to cut DNS hostname when it is bigger than 15 chars.

Martinx - ジェームズ thiagocmartinsc at gmail.com
Fri Sep 12 22:06:05 PDT 2014 

Guys,

I'm trying to join a Linux instance into my AD Domain, its FQDN is `
puppetmaster-1-i-000000b9.tenant-a.company.com`:

---
root at puppetmaster-1:~# hostname puppetmaster-1-i-000000b9

root at puppetmaster-1:~# hostname -f
puppetmaster-1-i-000000b9.tenant-a.company.com

root at puppetmaster-1:~# realm -v join sambadom.company.com -U Administrator
 * Resolving: _ldap._tcp.sambadom.company.com
 * Performing LDAP DSE lookup on: 192.168.1.10
 * Performing LDAP DSE lookup on: 192.168.1.20
 * Successfully discovered: sambadom.company.com
Password for Administrator:
 * Unconditionally checking packages
 * Resolving required packages
* * Joining using a truncated netbios name: PUPPETMASTER-1-*
 * LANG=C LOGNAME=root /usr/bin/net -s
/var/cache/realmd/realmd-smb-conf.HMC1LX -U Administrator ads join
sambadom.company.com
Enter Administrator's password:DNS update failed:
NT_STATUS_INVALID_PARAMETER

Using short domain name -- SAMBADOM
Joined 'PUPPETMASTER-1-' to dns domain 'sambadom.company.com'
*No DNS domain configured for puppetmaster-1-. Unable to perform DNS
Update.*
 * LANG=C LOGNAME=root /usr/bin/net -s
/var/cache/realmd/realmd-smb-conf.HMC1LX -U Administrator ads keytab create
Enter Administrator's password:
 * /usr/sbin/update-rc.d sssd enable
update-rc.d: /etc/init.d/sssd: file does not exist
 * /usr/sbin/service sssd restart
stop: Unknown instance:
sssd start/running, process 6243
 * Successfully enrolled machine in realm
---

It joined but the DNS did not got registered...

If I remove the "$instance-id", from the `hostname`, then, the command
`realm -v join ...` works! But, it will break my environment "as-is", I'm
expecting: "hostname+instance-id"...   :-/

I'm evaluating the couple "realmd + sssd" to replace Samba + Winbind but,
this unique problem is an impediment to start using this solution in
production today...

Any tips?!

>From what I'm seeing, the `realm join` is missing an option like
`--computer-name=puppetmaster-1` like the one from `adcli` (and it should
not use that truncated "PUPPETMASTER-1-" above), and do not "cut / touch"
the DNS hostname.

When with Winbind+Samba, I can join / register the hostname
`puppetmaster-1-i-000000b9` @ `tenant-a.company.com` without any problem
(using `net ad join -U Administrator`) but, Winbind brings lots of others
problems, so, I'm trying to move to `sssd` instead...

I really appreciate any help! I'm using Ubuntu 14.04.1 with my own small
PPA archive: http://launchpad.net/~martinx/+archive/ubuntu/ig

Thanks!
Thiago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/authentication/attachments/20140913/130ac45d/attachment.html>

More information about the Authentication mailing list