On Fri, 2020-09-18 at 16:55 -0300, Andreas Hasenack wrote:
> Hi,
> 
> I'm verifying under which conditions sssd will perform successful dns
> updates on a DNS server backed by AD.
> 
> In this scenario, I have a standalone computer, that has an IP
> obviously, but no DNS record yet. My goal was to have the join process
> also add a DNS record for this computer.
> 
> After tracing calls to nsupdate, it looks like what sssd does is use
> the output of `hostname -f`, and I don't see a fault with that
> reasoning, except that to have that return an fqdn I need either to be
> in DNS already, or hack /etc/hosts. Otherwise, it sends the short name
> with a dot suffix, and that won't be accepted:
> update delete g-client1. in A
> update add g-client1. 3600 in A 10.51.0.8
> send
> update delete g-client1. in AAAA
> send
> 
> I was wondering if sssd couldn't assume that the domain part is the
> same as the realm? I understand there might be many considerations
> here, like multiple domains, forests, etc, and maybe that's why this
> isn't done. But perhaps there is a way to have the simple case work?
> Or is there a config option I missed?
> 
> The other trick I see is to set the hostname to the fqdn, so that
> `hostname` returns the full thing. It's not technically correct I
> suppose, but gets the job done. Is that what people also do?

Yes I think so. I did a number of years ago and I think some dists. already do
that by default.
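
As an added example (not part of the original messages and not sssd code): a small shell check that reads an nsupdate batch like the one quoted above and reports owner names made of a single label, the form the message says is not accepted. The function names and the example.test domain are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag single-label owner names in an nsupdate batch.

# find_unqualified reads nsupdate commands on stdin and prints each distinct
# owner name from an "update add|delete" line that has only one label
# (for example "g-client1.").
find_unqualified() {
    awk '
        tolower($1) == "update" && (tolower($2) == "add" || tolower($2) == "delete") {
            name = $3
            sub(/\.$/, "", name)          # drop the trailing root dot
            if (name != "" && index(name, ".") == 0 && !(name in seen)) {
                seen[name] = 1
                print $3
            }
        }'
}

# check_batch returns 0 when every owner name in the batch passed as $1 is
# qualified, and 1 (with a message on stderr) otherwise.
check_batch() {
    bad=$(printf '%s\n' "$1" | find_unqualified)
    if [ -n "$bad" ]; then
        printf 'unqualified owner name(s): %s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Constructed samples: the batch quoted in the message, and a qualified
# variant (example.test is a placeholder domain, not from the thread).
SAMPLE_SHORT='update delete g-client1. in A
update add g-client1. 3600 in A 10.51.0.8
send
update delete g-client1. in AAAA
send'
SAMPLE_FQDN='update delete g-client1.example.test. in A
update add g-client1.example.test. 3600 in A 10.51.0.8
send'
```

Running `check_batch "$SAMPLE_SHORT"` reports `g-client1.`, while the qualified variant passes silently.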