The Samba-Bugzilla – Bug 8393
Allow domain == realm in provision
Last modified: 2013-04-09 08:00:54 UTC
Currently the provision code does not allow using realms (and DNS domain names) that do not contain a dot. The error message is:
ProvisioningError: guess_names: Realm 'LOCAL' must not be equal to short domain
The origin of this error message is a check to ensure realm != (Windows) domain. This check seems to be obsolete.
Created attachment 6796
Allow realm equal windows domain
Do you have a particular use case that requires this?
This is an important protection to first-time users, and I would be very hesitant to allow this kind of possibly-valid but very unusual configuration.
If it really must be allowed for a real-world use case, I would suggest that it be behind a '--i-really-know-what-i-am-doing', because it will break so many other things (assumptions about AD domains being proper DNS names are embedded in many applications that use AD).
Is it the case that DNS domains without a dot are invalid?
I've heard rumour of domains where the realm and the netbios domain name are identical, either with or without dots.
However, it's a really bad idea, and I'm keen to make it hard to create such domains with Samba. If someone can make these domains with Windows (i.e., this part needs testing), then we need to be able to make them with Samba. I just want it to be hard to do.
You are right, at least 2k8R2 dcpromo enforces a dot. We probably will use the same policy in UCS, to avoid compatibility issues, so I would at least cancel my request.
Arvid, should I close your request with "WONTFIX"?
Created attachment 8730
proposed, but untested patch to fix this in a different way
This patch allows one specific case: Where we join an existing domain that has domain == realm, we should allow it.