On Mon, 2016-08-22 at 16:59 +0000, Mote, Todd wrote:
> I'm joining RHEL to Active Directory and have had success updating DDNS using
> the following (CASE indicates the case the entry is in). 'dnsdomain' here is
> the domain name of my AD, ad.corp.com, and FQDNs of hosts joined to that AD
> look like this: host.ad.corp.com. I'm not cross joining, but do have alternate
> domains in Kerberos. That way any host that has a DNS domain different from
> AD's still works. E.g. otherdnsdomain is other.corp.com, and the host FQDN
> could be host.other.corp.com. Dynamic DNS doesn't exist in the other.corp.com
> namespace, so DDNS doesn't work there, naturally, only AD DDNS.
> 
> On RHEL 7 
> ~# hostnamectl set-hostname <fqdn>
> 
> resolv.conf
> domain <dnsdomain>
> search <dnsdomain>
> 
> krb5.conf
> 
> [libdefaults]
>  default_realm = <DNSDOMAIN>
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  forwardable = true
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
> 
> [realms]
>  <DNSDOMAIN> = {
>   kdc = <dnsdomain>
>   admin_server = <dnsdomain>
>  }
> 
> [domain_realm]
> .<dnsdomain>=<DNSDOMAIN>
> <dnsdomain>=<DNSDOMAIN>
> .<otherdnsdomain>=<DNSDOMAIN>
> <otherdnsdomain>=<DNSDOMAIN>
> 
> 
> ~# adcli join --domain=DNSDOMAIN --login-user=my-user --verbose --service-name=host --service-name=RestrictedKrbHost --show-details
> 
> Show details on adcli shows you quite a bit, which is nice: domain
> controllers, what names it's using for the fully qualified name, domain name,
> computer account name, domain realm... it may help.

Argh, I took an even closer look at my join script and found that my HOSTNAME
variable was already the FQDN and then I added another domain after that, oops ....

I would like to ask one thing though: you use --service-name=host instead of
--user-principal=...
The difference I see in the keytab is that --user-principal just creates
host/fqdn@DNSDOMAIN, while --service-name host creates both host/fqdn@DNSDOMAIN
and host/HOST@DNSDOMAIN.
What is the significance of host/HOST@DNSDOMAIN? Does one need it for something
I have yet to discover?

 Jocke
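Added example, not from either poster: a small POSIX sh check that, given the joined host's FQDN and realm, lists the two host/ principals the --service-name=host join above is said to produce and reports which of them are missing from a `klist -k` listing. The keytab listings embedded here are constructed samples, and the assumption that the short-name principal is the uppercase first label of the FQDN is mine.

```shell
#!/bin/sh
# Check a keytab listing for the host/ principals an adcli join should leave behind.
# Real use on a joined box:
#   missing_principals "$(klist -k)" "$(hostname -f)" AD.CORP.COM
# Assumption (not stated in the thread): the short-name principal is the
# uppercase first DNS label of the FQDN, e.g. host.ad.corp.com -> HOST.

short_name() {            # $1 = fqdn
    printf '%s' "$1" | cut -d. -f1 | tr '[:lower:]' '[:upper:]'
}

expected_principals() {   # $1 = fqdn, $2 = realm
    printf 'host/%s@%s\n' "$1" "$2"
    printf 'host/%s@%s\n' "$(short_name "$1")" "$2"
}

# Print every expected principal that does not appear in the listing given in $1.
missing_principals() {    # $1 = output of "klist -k", $2 = fqdn, $3 = realm
    listing=$1
    expected_principals "$2" "$3" | while read -r princ; do
        # Column 2 of each keytab entry is the principal name.
        printf '%s\n' "$listing" \
            | awk -v p="$princ" '$2 == p { found = 1 } END { exit !found }' \
            || printf '%s\n' "$princ"
    done
}

# Constructed sample of "klist -k" output after a join with both service names.
SAMPLE_FULL='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/host.ad.corp.com@AD.CORP.COM
   2 host/HOST@AD.CORP.COM
   2 RestrictedKrbHost/host.ad.corp.com@AD.CORP.COM'

# Constructed sample where only the FQDN form was created.
SAMPLE_FQDN_ONLY='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/host.ad.corp.com@AD.CORP.COM'

# Usage: prints nothing for the full keytab, host/HOST@AD.CORP.COM for the other.
missing_principals "$SAMPLE_FULL" host.ad.corp.com AD.CORP.COM
missing_principals "$SAMPLE_FQDN_ONLY" host.ad.corp.com AD.CORP.COM
```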
_______________________________________________
sssd-users mailing list