Univention Bugzilla – Bug 56128
revise hostname limit of 13 characters
Last modified: 2023-09-06 15:27:41 CEST
10 years ago Bug 31688 claimed that the NETBIOS Name limit ist 13 characters in UCS. There is not any proof to be found that this statement is still or was ever valid. Bug 30255 states "the maximum length of a valid DC name is limited by Samba4" and "A valid NetBIOS name can not be longer than 13 characters" but links lateron https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc756101(v=ws.10)?redirectedfrom=MSDN#BKMK_NameLimits which clearly says "NetBIOS computer and domain names are limited to 15 characters" https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#NetBIOS_Names says "Whatever you use for your NetBIOS name, ensure it is just one word, no longer than 15 characters..." Bug 40611 described a failed setup due to the length of the hostname but the join.log also says "Our netbios name can be at most 15 chars long,..." As a result Bug 42816 introduced a length limit of 14(!) characters for Docker-based hosts. -> This is inconsistent, hardly explainable and sometime annoying (see Bug 51901) There may have been some scenarios in the past for example in UCS@School where hosts (administrative servers) have been autocreated by adding characters but this is not the case anymore. -> The limit sh
additional technical informations joining a host with S4 installed after changing UCRV "hostname" to 15 characters is possible. root@s23456789012345:~# samba-tool domain info 10.0.0.14 Forest : training.ucs Domain : training.ucs Netbios domain : TRAINING DC name : s23456789012345.training.ucs DC netbios name : S23456789012345 Server site : Default-First-Site-Name Client site : Default-First-Site-Name root@s23456789012345:~# univention-app info UCS: 5.0-3 errata572 Installed: samba4=4.16 Upgradable: the join os a host with a 16-cahr hostname fails INFO 2023-06-08 13:47:37,640 pid:11457 /usr/lib/python3/dist-packages/samba/join.py #1563: workgroup is TRAINING INFO 2023-06-08 13:47:37,640 pid:11457 /usr/lib/python3/dist-packages/samba/join.py #1566: realm is training.ucs ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not open secrets.ldb and failed to open /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO ERROR(<class 'samba.provision.InvalidNetbiosName'>): uncaught exception - The name ''S234567890123456'' is not a valid NetBIOS name File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run return self.run(*args, **kwargs) File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 723, in run backend_store_size=backend_store_size) File "/usr/lib/python3/dist-packages/samba/join.py", line 1579, in join_DC ctx.do_join() File "/usr/lib/python3/dist-packages/samba/join.py", line 1468, in do_join ctx.join_provision() File "/usr/lib/python3/dist-packages/samba/join.py", line 875, in join_provision batch_mode=True) File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 2515, in provision sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS)) File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 609, in guess_names raise InvalidNetbiosName(netbiosname) -> the limit *is* 15 chars
I vaguely remember that we have or had situations where hostnames automatically "grow" by prefix or suffix characters. One I remember is that the hostname is prefixed with a "$" to build the internal "account" name in the NT/samba domain -- not sure if this is still relevant for AD style domains.
Test with patched create_ou.py (raised MAX_HOSTNAME_LENGTH to 15) /usr/share/ucs-school-import/scripts/create_ou schule15 s23456789012345 root@s23456789012345:~# dpkg -l | grep school-repl ii ucs-school-replica 13.0.15A~5.0.0.202205190959 all UCS@school meta package for UCS Replica Directory Nodes root@s23456789012345:~# univention-app info UCS: 5.0-3 errata709 Installed: cups=2.2.1 dhcp-server=12.0 samba4=4.16 squid=3.5 ucsschool=5.0 v3 4.4/ucsschool-veyon-proxy=4.7.4.14-0 Upgradable: root@s23456789012345:~# univention-check-join-status Joined successfully root@s23456789012345:~# samba-tool domain info 10.0.10.13 Forest : training.ucs Domain : training.ucs Netbios domain : TRAINING DC name : s23456789012345.training.ucs DC netbios name : S23456789012345 Server site : schule15 Client site : schule15 Win10-Client joins and can access shares via \\S23456789012345
Last time you asked for this I researched: https://forge.univention.org/bugzilla/show_bug.cgi?id=35599#c4