On Sat, Sep 19, 2020 at 12:06:07PM +0000, Joakim Tjernlund wrote:
On Fri, 2020-09-18 at 16:55 -0300, Andreas Hasenack wrote:
> CAUTION: This email originated from outside of the organization. Do not click links
or open attachments unless you recognize the sender and know the content is safe.
>
>
> Hi,
>
> I'm verifying under which conditions sssd will perform successful dns
> updates on a DNS server backed by AD.
>
> In this scenario, I have a standalone computer, that has an IP
> obviously, but no DNS record yet. My goal was to have the join process
> also add a DNS record for this computer.
>
> After tracing calls to nsupdate, it looks like what sssd does is use
> the output of `hostname -f`, and I don't see a fault with that
> reasoning, except that to have that return an fqdn I need either to be
> in DNS already, or hack /etc/hosts. Otherwise, it sends the short name
> with a dot suffix, and that won't be accepted:
> update delete g-client1. in A
> update add g-client1. 3600 in A 10.51.0.8
> send
> update delete g-client1. in AAAA
> send
>
> I was wondering if sssd couldn't assume that the domain part is the
> same as the realm? I understand there might be many considerations
> here, like multiple domains, forests, etc, and maybe that's why this
> isn't done. But perhaps there is a way to have the simple case work?
> Or is there a config option I missed?
>
> The other trick I see is to set the hostname to the fqdn, so that
> `hostname` returns the full thing. It's not technically correct I
> suppose, but gets the job done. Is that what people also do?
Yes I think so. I did a number of years ago and I think some dists. already do
that by default.
Hi,
yes, this is typically our recommendation. If you have some legacy
application which do not like that the 'hostname' command or the
underlying system call return a fully-qualified name you can set the
fully-qualified name with the 'ad_hostname' option in sssd.conf, see man
sssd-ad for details.
HTH
bye,
Sumit
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...