When running ipa-adtrust-install with --netbios-name="", the NetBIOS name with which it is installed is changed from an empty string to a name determined from the leading component of the DNS domain name, although this change is neither announced nor documented and can only be detected by an ldapsearch for the ipaNTFlatName attribute.
Environment: IPA 4.4.0, IPA 4.3.2
Installation:
{{{
$ sudo ipa-adtrust-install -U --enable-compat --netbios-name="" -a Secret123 --add-sids

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for
the FreeIPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to FreeIPA LDAP server

To accept the default shown in brackets, press the Enter key.

Configuring CIFS
  [1/23]: stopping smbd
  [2/23]: creating samba domain object
  [3/23]: creating samba config registry
  [4/23]: writing samba config file
  [5/23]: adding cifs Kerberos principal
  [6/23]: adding cifs and host Kerberos principals to the adtrust agents group
  [7/23]: check for cifs services defined on other replicas
  [8/23]: adding cifs principal to S4U2Proxy targets
  [9/23]: adding admin(group) SIDs
  [10/23]: adding RID bases
  [11/23]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
  [12/23]: activating CLDAP plugin
  [13/23]: activating sidgen task
  [14/23]: configuring smbd to start on boot
  [15/23]: adding special DNS service records
  [16/23]: enabling trusted domains support for older clients via Schema Compatibility plugin
  [17/23]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
  [18/23]: adding fallback group
  [19/23]: adding Default Trust View
  [20/23]: setting SELinux booleans
  [21/23]: starting CIFS services
  [22/23]: adding SIDs to existing users and groups
This step may take considerable amount of time, please wait..
  [23/23]: restarting smbd
Done configuring CIFS.

=============================================================================
Setup complete

You must make sure these network ports are open:
        TCP Ports:
          * 135: epmap
          * 138: netbios-dgm
          * 139: netbios-ssn
          * 445: microsoft-ds
          * 1024..1300: epmap listener range
        UDP Ports:
          * 138: netbios-dgm
          * 139: netbios-ssn
          * 389: (C)LDAP
          * 445: microsoft-ds

See the ipa-adtrust-install(1) man page for more details

=============================================================================
}}}
Check which NetBIOS name was set:
{{{
$ ldapsearch -Y GSSAPI '(ipaNTFlatName=*)'
...
ipaNTFlatName: DOM-200
...
}}}
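A post-install check for the behaviour reported above, as an added example that is not part of the ticket or of FreeIPA: it compares the value passed to --netbios-name with the stored ipaNTFlatName and flags a silent substitution. The sample LDIF, the example.test domain, the function names, and the fallback rule in default_flat_name (leading DNS label, upper-cased, limited to A-Z, 0-9 and '-', 15 characters) are assumptions.

```shell
#!/bin/sh
# Added example: detect a silently substituted NetBIOS name after ipa-adtrust-install.

# Constructed sample of the ldapsearch output (LDIF, trimmed); not real data.
SAMPLE_LDIF='dn: cn=dom-200.example.test,cn=ad,cn=etc,dc=dom-200,dc=example,dc=test
objectClass: ipaNTDomainAttrs
ipaNTFlatName: DOM-200
'

# Print the first ipaNTFlatName value found in LDIF on stdin
# (attribute names are matched case-insensitively).
flat_name_from_ldif() {
    awk -F': ' 'tolower($1) == "ipantflatname" { print $2; exit }'
}

# Assumption: the fallback is the leading DNS label, upper-cased, restricted to
# A-Z, 0-9 and "-", and cut to the 15-character NetBIOS name limit.
default_flat_name() {
    printf '%s' "${1%%.*}" | tr '[:lower:]' '[:upper:]' | tr -cd 'A-Z0-9-' | cut -c1-15
}

# Usage: check_flat_name REQUESTED DNS_DOMAIN LDIF
# Prints a verdict and returns:
#   0  stored name equals the requested one
#   1  stored name differs from a non-empty request
#   2  empty request was replaced by the domain-derived default
#   3  no ipaNTFlatName present in the LDIF
check_flat_name() {
    requested=$1 domain=$2 ldif=$3
    stored=$(printf '%s\n' "$ldif" | flat_name_from_ldif)
    if [ -z "$stored" ]; then
        echo "no ipaNTFlatName found"; return 3
    fi
    if [ "$requested" = "$stored" ]; then
        echo "ok: $stored"; return 0
    fi
    if [ -z "$requested" ] && [ "$stored" = "$(default_flat_name "$domain")" ]; then
        echo "empty --netbios-name replaced by default: $stored"; return 2
    fi
    echo "requested '$requested' but LDAP has '$stored'"; return 1
}

# Demo on the constructed sample: an empty request that ended up as DOM-200.
check_flat_name "" dom-200.example.test "$SAMPLE_LDIF" || true
```

On a real server, pass the output of the ldapsearch command from the ticket as the third argument instead of the sample.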
The patch (https://github.com/freeipa/freeipa/pull/24) will help with testing of the 4-3 branch:
master:
ipa-4-3:
Metadata Update from @lryznaro: - Issue assigned to lryznaro - Issue set to the milestone: FreeIPA 4.3.3