ALT Linux Bugzilla – Attachment 7796 Details for Bug 35453
system-auth write ad: (A) DNS records for the host are not created
0001-ad-correctly-update-DNS-record-of-the-newly-joined-h.patch (text/plain), 3.24 KB, created by Alexey Sheplyakov on 2018-10-02 16:51:02 MSK
>From db23756cab162b3fea6ca16053ad26f34b93e137 Mon Sep 17 00:00:00 2001 
>From: Alexey Sheplyakov <asheplyakov@altlinux.org>
>Date: Tue, 2 Oct 2018 16:44:44 +0400
>Subject: [PATCH] ad: correctly update DNS record of the newly joined host
>
>After joining the domain net_ads_join tries to update the A DNS record
>of the newly joined host [1]. The call stack looks like this
>
>net_update_dns_ext /* iplist = NULL, num_addrs = 0, remove_host = false */
>net_update_dns /* hostname = NULL */
>_net_ads_join_dns_updates
>net_ads_join
>
>net_update_dns_ext guesses the (DNS) hostname from its netbios name [2].
>Typically netbios name matches the short (DNS) hostname (maximal length
>of a netbios name is 15 bytes, which might be too short for a FQDN).
>Thus net_update_dns_ext calls name_to_fqdn [3] to guess the FQDN.
>However name_to_fqdn makes use of getaddrinfo to obtain the FQDN, which
>is deemed to fail since the (A) DNS record hasn't been created yet.
>Thus net_update_dns_ext tries to proceed with the short hostname,
>however net_update_dns_internal bails out [4] with
>NT_STATUS_INVALID_PARAMETER for it can't figure out the (DNS) domain name.
>
>Thus an attempt to create the A DNS record on the (very first) join
>is deemed to fail (and `net ads join` does not accept the DNS domain
>name as an argument).
>
>There are two possible approaches to solve the problem:
>
>1) Use `net ads join --no-dns-updates` to join the domain, and make (A)
>   DNS record with `net ads dns register`
>2) Teach `net ads join` to use the name of the Kerberos domain (in lower
>   case) as the DNS domain name, if guessing the FQDN failed.
>
>Option 2) is definitely more complicated and most likely will be rejected
>by the upstream (they don't quite like changing `source3` unless that
>fixes a serious problem). Hence this patch.
> >[1] http://git.altlinux.org/gears/s/samba-DC.git?p=samba-DC.git;a=blob;f=source3/utils/net_ads.c;h=c83aced9f812380df85682c08e29de48a1794d6b;hb=ec86b464b83e7e5d6163f54fca6869d855a32910#l1632 >[2] http://git.altlinux.org/gears/s/samba-DC.git?p=samba-DC.git;a=blob;f=source3/utils/net_ads.c;h=c83aced9f812380df85682c08e29de48a1794d6b;hb=ec86b464b83e7e5d6163f54fca6869d855a32910#l1296 >[3] http://git.altlinux.org/gears/s/samba-DC.git?p=samba-DC.git;a=blob;f=source3/lib/util.c;h=5f786f95d3e2eccd113a39eec585d195713c5747;hb=ec86b464b83e7e5d6163f54fca6869d855a32910#l1682 >[4] http://git.altlinux.org/gears/s/samba-DC.git?p=samba-DC.git;a=blob;f=source3/utils/net_ads.c;h=c83aced9f812380df85682c08e29de48a1794d6b;hb=ec86b464b83e7e5d6163f54fca6869d855a32910#l1156 >--- > alterator-auth/sbin/system-auth | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/alterator-auth/sbin/system-auth b/alterator-auth/sbin/system-auth >index b63066a..81d5b33 100755 >--- a/alterator-auth/sbin/system-auth >+++ b/alterator-auth/sbin/system-auth >@@ -515,13 +515,13 @@ join_ad_domain() > set_hostname "$host_name.$ldomain" > > # Join to domain >- $net_cmd ads join -U"$user%$password" | grep -v '^Using short domain name' >+ $net_cmd ads join -U"$user%$password" --no-dns-updates > > [ "$?" -ne 0 ] && return 1 > > # Register machine in domain DNS > if [ -n "$host_name" ]; then >- $net_cmd ads dns register -U"$user%$password" "$FQDN" >+ $net_cmd ads dns register -U"$user%$password" "$host_name.$ldomain" > fi > > # Destroy ticket >-- >2.10.2 >
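Review bot: the exit status of `$net_cmd ads dns register` (the second changed line of the `join_ad_domain()` hunk) is never checked, and because the join now runs with `--no-dns-updates` this call is the only place the A record gets created. A failed registration leaves the host joined without a DNS record while the function carries on to "# Destroy ticket" as if it had succeeded. Suggest testing the result and at least printing a warning or returning non-zero. The `[ -n "$host_name" ]` guard has the same silent outcome: `set_hostname "$host_name.$ldomain"` has already run unconditionally above it, yet an empty `$host_name` skips registration without any message. Dropping `| grep -v '^Using short domain name'` does make the following `[ "$?" -ne 0 ]` test see the status of `net` rather than of `grep`, but that line will now reach stdout, so confirm nothing parses this function's output. Both calls also still pass `-U"$user%$password"` on the command line, where the password is exposed to the process list while `net` runs; consider supplying it through a channel that does not appear in argv.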