Is 13 characters, that by adding the “nsdc-” prefix becomes 18 chars. This exceeds the 15 chars NetBIOS name limit. I don’t know if it is a problem but… /cc @quality_team
Could you try with a shorter hostname? I’d go with “planta2”. Under “Server name” page set as FQDN “planta2.kloncor.com.ar”, before installing the “Samba Account Provider” module. If you already installed it, remove it and apply the “Factory reset” procedure they suggested you some days ago.
I played a little bit with a vm.
When I use a short FQDN (ns7test.ns7.lan) after factory reset the DC, everything seems to work fine.
When I use a long FQDN (clonetestns7test.ns7.lan) I get this error:
After reboot:
and sssd service is stopped.
So I think you’re right with your suggestion with the FQDN @davidep
Is it possible to check in this field the maximum length of FQDN? Would avoid similar problems.
Sep 20 08:31:33 clonetestns7b2 systemd: Started Authorization Manager.
Sep 20 08:31:33 clonetestns7b2 realmd: * Resolving: _ldap._tcp.ns7.lan
Sep 20 08:31:33 clonetestns7b2 realmd: * Performing LDAP DSE lookup on: 192.168.0.239
Sep 20 08:31:33 clonetestns7b2 realmd: * Successfully discovered: ns7.lan
Sep 20 08:31:33 clonetestns7b2 realmd: * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
Sep 20 08:31:33 clonetestns7b2 realmd: * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.C05AOY -U Administrator ads join ns7.lan
Sep 20 08:31:33 clonetestns7b2 realmd: Enter Administrator’s password:gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Server not found in Kerberos database]
Sep 20 08:31:33 clonetestns7b2 realmd: kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.
Sep 20 08:31:33 clonetestns7b2 realmd:
Sep 20 08:31:33 clonetestns7b2 realmd: Failed to join domain: failed to connect to AD: An internal error occurred.
Sep 20 08:31:33 clonetestns7b2 realmd: ! Joining the domain ns7.lan failed
Sep 20 08:31:33 clonetestns7b2 esmith::event[1768]: Password for Administrator: See: journalctl REALMD_OPERATION=r103.3526
Sep 20 08:31:33 clonetestns7b2 esmith::event[1768]: realm: Couldn’t join realm: Joining the domain ns7.lan failed
Sep 20 08:31:33 clonetestns7b2 esmith::event[1768]:
Sep 20 08:31:33 clonetestns7b2 esmith::event[1768]: [WARNING] DC join attempt 1 of 3 failed! Wait a few seconds…
In my case an internal error occurred, in his case the connection was refused.
No administrator is created during setup. But on network panel I get the “set password” message.
I can reproduce my error. Every time when I take a long FQDN, I get an error.
Oh, I have to mention, that I have to delete the bridge manually after factory reset to get nsdc working again. Otherwise the bridge can’t be created during setup, and the vb-nsdc was not joined anymore to the bridge. So I had to do it manually. So best way is to delete the bridge in network panel before setup nsdc again.
The NetBIOS name is the OEM representation of the DNS host name up to MAX_COMPUTERNAME_LENGTH characters. If you set a DNS host name of more than MAX_COMPUTERNAME_LENGTH characters, the NetBIOS name is set to a truncated version of the DNS host name. Otherwise, the whole DNS host name is translated into the OEM NetBIOS name. Warning: If you modify the NetBIOS name so that it is not a truncated mapping of the DNS name, you will break applications that use functions such as DnsHostnameToComputerName which rely on this convention.
I agree, 15 chars are acceptable, but the usable length for FQDN is only 10 chars, because in case of an AD setup the part “nsdc-” is added, or isn’t that affected?
Then maybe the “nsdc-” for the DC could be shortened to only “dc-”, so the usable FQDN-length for a DC would be 12 chars.
I did a clean install. All updates and
I gave a long name (verylongnamens7test2.ns7.lan)
Installed directly from nethserver-testing the packages.
Started dc with green bridge.
And voila:
and
No errors in messages.log relating to sssd or nsdc.
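The length check asked for in this thread, combined with a scan of realmd join failures like the ones in the log above, as an added example that is not part of the original posts or NethServer's own code. The function names are hypothetical, the sample log is constructed, and the rule that the DC name is the “nsdc-” prefix plus the first label of the FQDN is taken from the thread as an assumption.

```python
import re

NETBIOS_MAX = 15          # NetBIOS name limit cited in the thread
DC_PREFIX = "nsdc-"       # prefix the thread says is added for the DC (assumption)

# Constructed sample: three lines in the format of the realmd log in the thread.
SAMPLE_LOG = """\
Sep 20 08:31:33 clonetestns7b2 realmd: * Resolving: _ldap._tcp.ns7.lan
Sep 20 08:31:33 clonetestns7b2 realmd: Failed to join domain: failed to connect to AD: An internal error occurred.
Sep 20 08:31:33 clonetestns7b2 realmd: ! Joining the domain ns7.lan failed
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<tag>[^:\s]+):\s?(?P<msg>.*)$")
JOIN_FAIL = re.compile(r"Failed to join domain|Joining the domain \S+ failed")


def name_report(fqdn, prefix=DC_PREFIX, limit=NETBIOS_MAX):
    """Check the host label and the prefixed DC label of an FQDN against the limit."""
    label = fqdn.split(".", 1)[0].lower()
    dc_label = prefix + label
    return {
        "host": label,
        "dc": dc_label,
        "host_ok": len(label) <= limit,
        "dc_ok": len(dc_label) <= limit,
        # What a 15-character truncation would leave of the DC name.
        "dc_truncated": dc_label[:limit].upper(),
        "max_host_len": limit - len(prefix),
    }


def triage(log_text):
    """Return hosts with a realmd join failure whose prefixed DC name is over the limit."""
    flagged = {}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if m and m["tag"] == "realmd" and JOIN_FAIL.search(m["msg"]):
            report = name_report(m["host"])
            if not report["dc_ok"]:
                flagged[m["host"]] = report
    return flagged


if __name__ == "__main__":
    for name in ("planta2.kloncor.com.ar", "ns7test.ns7.lan", "clonetestns7test.ns7.lan"):
        print(name, name_report(name))
    print(triage(SAMPLE_LOG))
```

Passing `prefix="dc-"` to `name_report` shows the effect of the shorter prefix proposed in the thread on the usable host-name length.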