On Mon, Aug 12, 2019 at 09:41:31PM -0000, Erinn Looney-Triggs wrote:
> Apologies, the issue is we moved from using winbind via realmd which now
> seems to be broken due to this:
> https://bugzilla.samba.org/show_bug.cgi?id=14007 to using adcli, our
> realmd.conf file had previously lower cased the computer-name like so:
>
> computer-name = example

Hi,

thanks for the explanation.

>
> And samba apparently uppercased it on the join (EXAMPLE$). adcli appears not
> to do that (example$). After some long research it looks like lower case is
> entirely legit for NETBIOS names, but for whatever reason samba chooses to
> upper case the names.

Yes, lower-case characters are valid in NetBIOS names, the all upper-case
style is a historic convention.

>
> So the change in behavior was unexpected, but is valid. However, getting net
> ads join to work again in RHEL 7.7 is probably a good idea on Red Hat's part.
>
> In short I expected adcli to act like net ads join, it doesn't, the former
> will accept upper or lower case and probably anything in between, the latter
> upper cases the name. Solution was to upper case the name with ADCLI so that
> it matches what we had previously. Longer term solution is to be case
> insensitive when looking for a principal in the keytab.

If adcli derives the computer-name from the hostname it will automatically
upper-case the name. If the computer-name is explicitly given at the command
line or in realmd.conf it is taken as is. Do you think it would be ok to
enhance the man page explaining the difference and saying that the name should
be upper-case for maximal compatibility?

About looking up principals case insensitive, according to the related RFCs
Kerberos principals are case sensitive. Unfortunately AD implements this case
insensitive which causes confusion at various places.

bye,
Sumit

>
> -Erinn
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
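
The case mismatch discussed in this thread can be checked for directly in a keytab listing. The following is an added example, not part of the original messages and not code from adcli, realmd or SSSD: it reads plain `klist -k` output and reports whether the expected machine principal is present exactly, only in a different case, or not at all. The function names, the realm `AD.EXAMPLE.COM` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a keytab against the expected machine principal.
# Input: plain `klist -k` output on stdin. $1: the principal you expect.
# Prints one of: "exact", "case-mismatch <principal found>", "missing".
check_keytab_principal() {
    awk -v want="$1" '
        # Data rows of `klist -k` look like: "   2 EXAMPLE$@AD.EXAMPLE.COM"
        # Header and separator rows do not start with a numeric KVNO.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            p = $2
            if (p == want) {
                exact = 1                      # byte-for-byte match
            } else if (near == "" && tolower(p) == tolower(want)) {
                near = p                       # same name, different case
            }
        }
        END {
            if (exact)           print "exact"
            else if (near != "") print "case-mismatch " near
            else                 print "missing"
        }'
}

# Constructed sample: a keytab written after a join with a lower-case
# computer-name (as in "computer-name = example").
sample_keytab() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 example$@AD.EXAMPLE.COM
   2 host/example.ad.example.com@AD.EXAMPLE.COM
EOF
}

# A client that looks up the upper-case form finds only the lower-case entry.
sample_keytab | check_keytab_principal 'EXAMPLE$@AD.EXAMPLE.COM'
```

On a joined host the same function can be fed from `klist -k /etc/krb5.keytab` instead of the sample.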
