10 years ago Bug 31688 claimed that the NETBIOS Name limit ist 13 characters in UCS. There is not any proof to be found that this statement is still or was ever valid. Bug 30255 states "the maximum length of a valid DC name is limited by Samba4" and "A valid NetBIOS name can not be longer than 13 characters" but links lateron https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc756101(v=ws.10)?redirectedfrom=MSDN#BKMK_NameLimits which clearly says "NetBIOS computer and domain names are limited to 15 characters" https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#NetBIOS_Names says "Whatever you use for your NetBIOS name, ensure it is just one word, no longer than 15 characters..." Bug 40611 described a failed setup due to the length of the hostname but the join.log also says "Our netbios name can be at most 15 chars long,..." As a result Bug 42816 introduced a length limit of 14(!) characters for Docker-based hosts. -> This is inconsistent, hardly explainable and sometime annoying (see Bug 51901) There may have been some scenarios in the past for example in UCS@School where hosts (administrative servers) have been autocreated by adding characters but this is not the case anymore. -> The limit sh
additional technical informations joining a host with S4 installed after changing UCRV "hostname" to 15 characters is possible. root@s23456789012345:~# samba-tool domain info 10.0.0.14 Forest : training.ucs Domain : training.ucs Netbios domain : TRAINING DC name : s23456789012345.training.ucs DC netbios name : S23456789012345 Server site : Default-First-Site-Name Client site : Default-First-Site-Name root@s23456789012345:~# univention-app info UCS: 5.0-3 errata572 Installed: samba4=4.16 Upgradable: the join os a host with a 16-cahr hostname fails INFO 2023-06-08 13:47:37,640 pid:11457 /usr/lib/python3/dist-packages/samba/join.py #1563: workgroup is TRAINING INFO 2023-06-08 13:47:37,640 pid:11457 /usr/lib/python3/dist-packages/samba/join.py #1566: realm is training.ucs ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not open secrets.ldb and failed to open /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO ERROR(<class 'samba.provision.InvalidNetbiosName'>): uncaught exception - The name ''S234567890123456'' is not a valid NetBIOS name File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run return self.run(*args, **kwargs) File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 723, in run backend_store_size=backend_store_size) File "/usr/lib/python3/dist-packages/samba/join.py", line 1579, in join_DC ctx.do_join() File "/usr/lib/python3/dist-packages/samba/join.py", line 1468, in do_join ctx.join_provision() File "/usr/lib/python3/dist-packages/samba/join.py", line 875, in join_provision batch_mode=True) File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 2515, in provision sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS)) File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 609, in guess_names raise InvalidNetbiosName(netbiosname) -> the limit *is* 15 chars
I vaguely remember that we have or had situations where hostnames automatically "grow" by prefix or suffix characters. One I remember is that the hostname is prefixed with a "$" to build the internal "account" name in the NT/samba domain -- not sure if this is still relevant for AD style domains.
Test with patched create_ou.py (raised MAX_HOSTNAME_LENGTH to 15) /usr/share/ucs-school-import/scripts/create_ou schule15 s23456789012345 root@s23456789012345:~# dpkg -l | grep school-repl ii ucs-school-replica 13.0.15A~5.0.0.202205190959 all UCS@school meta package for UCS Replica Directory Nodes root@s23456789012345:~# univention-app info UCS: 5.0-3 errata709 Installed: cups=2.2.1 dhcp-server=12.0 samba4=4.16 squid=3.5 ucsschool=5.0 v3 4.4/ucsschool-veyon-proxy=4.7.4.14-0 Upgradable: root@s23456789012345:~# univention-check-join-status Joined successfully root@s23456789012345:~# samba-tool domain info 10.0.10.13 Forest : training.ucs Domain : training.ucs Netbios domain : TRAINING DC name : s23456789012345.training.ucs DC netbios name : S23456789012345 Server site : schule15 Client site : schule15 Win10-Client joins and can access shares via \\S23456789012345
Last time you asked for this I researched: https://forge.univention.org/bugzilla/show_bug.cgi?id=35599#c4
* https://errata.software-univention.de/#/?erratum=3.2x204 for univention-system-setup says: "The Windows NETBIOS domain name can now be up to 15 characters long. (Bug #35605)" * Yes, the machine accounts traditionally have a "$" suffix in MS AD, Samba and UCS, but that should IMHO not be calculated as "part of the netbios name". That machine account name with the suffix is stored by UDM in the `uid` field of OpenLDAP (and in sAMAccountName in Samba/AD), both of which don't have an intrinsic technical limit of 15 chars. * Bug 33387#c4 even limited to 12 characters for UCS@school because they also created an additional derived host with a suffix: "${hostname}v"
Ah, Bug 35599 was about the windows/domain name, not the hostname. The origin of the limitation to 13 character was bug #27307#c6
5adb6ddcc2d | Relax hostname length limit from 13 to 15 characters b8a6089dd51 | Advisory Successful build Package: univention-system-setup Version: 15.0.15 Branch: 5.2-0 Scope: errata5.2-1
Tested installation from latest cd with 15 chars hostname: primary: OK (Warning is broken, different bug 58260) replica: OK changelog: OK -> Verified
<https://errata.software-univention.de/#/?erratum=5.2x88>