[Bug 421418] New: join ads domain that ends with .local for windows authentication
https://bugzilla.novell.com/show_bug.cgi?id=421418

           Summary: join ads domain that ends with .local for windows authentication
           Product: openSUSE 11.0
           Version: Final
          Platform: All
        OS/Version: openSUSE 11.0
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Samba
        AssignedTo: samba-maintainers@SuSE.de
        ReportedBy: diego.ercolani@gmail.com
         QAContact: samba-maintainers@SuSE.de
          Found By: ---

This report has two parts:
A: join procedure problem
B: failure to update DDNS that ends with a join error.

Dear developers, please compile a wiki page about this error but also revise the YAST algorithm to manage these exceptions or probably be more verbose to a user.

-------------------------------------A-----------------------------------------
As you know, local domains may be resolved via the mdns service (avahi), but there are some circumstances (such as mine) where the enterprise system administrator chose the local domain to be the Windows domain controlled by a Windows 2000 server and Active Directory.
So joining a domain, also from a fresh install, fails, as samba doesn't correctly resolve the Active Directory/LDAP server that owns the domain data.

My workaround was:
1. set nomdns=1 in the installation start command line /proc/cmdline (see http://en.opensuse.org/Linuxrc)
2. during installation stage 2 (where YAST asks to join a windows domain) switch to a console (SHIFT+ALT+F3) and then edit the file /etc/host.conf and add the line:
   mdns off
   (if it's running, kill the nscd caching daemon)
3. switch back to the join procedure and join the domain
------------------------------------------------------------------------------

--------------------------------------B---------------------------------------
The problem concerns a later stage of the join procedure.
After setting a minimal smb.conf in a YAST directory under /tmp, YAST correctly calls another command:
   net ads join -U Administrator%password -s /tmp/YASTDIRECTORY/smb.conf
After joining the domain, the net command tries to update the dns entry for the machine. If for some reason the procedure fails to update DNS (key problems, rights to change the dns entry, etc.), the whole joining procedure fails. That's not correct! Master DNS can refuse the dns table update!

The other malfunction that I noticed is that if you set a HOSTNAME, Yast configures an entry in /etc/hosts like this:
   127.0.0.2 pc-name pc-name.fqdn
When net ads updates dns, two entries are inserted in the dns table:
   pc-name.fqdn IN A 127.0.0.2
   pc-name.fqdn IN A ip.add.re.ss
This is not correct.
------------------------------------------------------------------------------

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
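A pre-join check for the two conditions this report describes (a .local domain with no "mdns off" line in host.conf, and the machine's name mapped to a 127.x address in the hosts file), as an added example that is not part of the original report or of Samba/YaST. The function names and the corp.local / pc-name sample values are assumptions.

```shell
#!/bin/sh
# Added example: pre-join checks for the two conditions in this report.
# Function names and sample values (corp.local, pc-name) are hypothetical.

# Succeeds when the domain ends in .local and host.conf has no "mdns off" line.
mdns_conflict() {   # $1 = AD DNS domain, $2 = path to host.conf
    case "$1" in
        *.[Ll][Oo][Cc][Aa][Ll]|*.[Ll][Oo][Cc][Aa][Ll].) ;;
        *) return 1 ;;
    esac
    ! grep -Eq '^[[:space:]]*mdns[[:space:]]+off[[:space:]]*$' "$2" 2>/dev/null
}

# Prints each 127.x address that the hosts file assigns to this machine's name.
loopback_for_host() {   # $1 = short name, $2 = FQDN, $3 = path to hosts file
    awk -v s="$1" -v f="$2" '
        { sub(/#.*/, "") }                      # strip comments
        $1 ~ /^127\./ {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(s) || tolower($i) == tolower(f)) {
                    print $1; next
                }
        }' "$3"
}

# Runs both checks; returns 1 if either condition is present.
prejoin_check() {   # $1 domain, $2 short name, $3 FQDN, $4 host.conf, $5 hosts
    rc=0
    if mdns_conflict "$1" "$4"; then
        echo "WARN: $1 ends in .local but $4 has no 'mdns off' line"
        rc=1
    fi
    addrs=$(loopback_for_host "$2" "$3" "$5")
    if [ -n "$addrs" ]; then
        echo "WARN: $5 maps this host to loopback ($addrs)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files mirroring the report, not taken from a real host.
demo=$(mktemp -d)
printf 'order hosts, bind\nmulti on\n' > "$demo/host.conf"
printf '127.0.0.1 localhost\n127.0.0.2 pc-name pc-name.corp.local\n' > "$demo/hosts"
prejoin_check corp.local pc-name pc-name.corp.local \
    "$demo/host.conf" "$demo/hosts" || true
rm -rf "$demo"
```

On a real machine the last two arguments would be /etc/host.conf and /etc/hosts; a non-zero return means one of the reported conditions should be corrected before running the join.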
https://bugzilla.novell.com/show_bug.cgi?id=421418
User boyang@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c1
Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
User diego.ercolani@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c2
--- Comment #2 from Diego Ercolani
https://bugzilla.novell.com/show_bug.cgi?id=421418
Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
User boyang@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c3
--- Comment #3 from Yang Bo
> 1. I think so, but the bug is somehow sly; in fact if you use the net ads join
> command with the debug option samba complains about LDAP server....

Please invoke net ads join with option -d999 and then post the output to bugzilla.

> 2. Yes this is what happens

It is designed as it is.... Maybe error message should be improved.

> 3. I said "net ads updates" not for a real command but an explanation of what
> happens. (I think the command is something like: net ads dns register)

So stupid that I misunderstood it. :-) This is a bug. 127.0.0.x must never be registered in DC. I'll fix it.

> Thank you

You can also refer to http://en.opensuse.org/Samba or http://en.opensuse.org/Bugs/Samba about how to report a bug. You must provide enough information for debugging purposes. thx!
https://bugzilla.novell.com/show_bug.cgi?id=421418
Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
User diego.ercolani@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c4
--- Comment #4 from Diego Ercolani
https://bugzilla.novell.com/show_bug.cgi?id=421418
User diego.ercolani@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c5
--- Comment #5 from Diego Ercolani
https://bugzilla.novell.com/show_bug.cgi?id=421418
User diego.ercolani@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c6
--- Comment #6 from Diego Ercolani
https://bugzilla.novell.com/show_bug.cgi?id=421418
User diego.ercolani@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c7
--- Comment #7 from Diego Ercolani
https://bugzilla.novell.com/show_bug.cgi?id=421418
User diego.ercolani@gmail.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c8
--- Comment #8 from Diego Ercolani
https://bugzilla.novell.com/show_bug.cgi?id=421418
User boyang@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c9
Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
User boyang@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c10
--- Comment #10 from Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
User boyang@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c11
--- Comment #11 from Yang Bo
https://bugzilla.novell.com/show_bug.cgi?id=421418
User boyang@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=421418#c12
Yang Bo