Uploaded image for project: 'Facter'
  1. Facter
  2. FACT-2923

Domain on Windows should be retrieved priority from registry

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: FACT 4.0.48
    • Fix Version/s: FACT 4.0.50
    • Component/s: Facter 4
    • Labels:
    • Template:
    • Team:
      Night's Watch
    • Story Points:
      1
    • Sprint:
      NW - 2021-02-03
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Description of the problem: Facter 4 prioritizes network interface domain names over the registry information on Windows. This is a problem because it affects how the agent determines its Puppet[:certname] and can cause agents to try to retrieve a new client certificate under a different name.

      Description of the fix: Retrieve networking domain on Windows with priority from registry.
      Show
      Description of the problem: Facter 4 prioritizes network interface domain names over the registry information on Windows. This is a problem because it affects how the agent determines its Puppet[:certname] and can cause agents to try to retrieve a new client certificate under a different name. Description of the fix: Retrieve networking domain on Windows with priority from registry.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Facter 4.0.48 (in Pull Request 2245) resolved a regression in gem-based Facter 4.0.x that did not check for domain name in registry on Windows machines (filed as FACT-2882).

      This resolution however prioritizes network interface domain names in favor of the registry information. Puppet 6 and Facter 3 prioritized the registry entries, so this is a regression (or at least, a notable change in behavior).

      This is important for domain-joined machines, which store their domain name information in the registry. They may have a network interface with a different domain name received over DHCP, which may be hard to remove depending on the networking circumstances. For these machines where both network adapters have a domain name, and the registry has a domain name, if there is a mismatch, the argument is that the registry is a more safe option to default to.

        Attachments

          Activity

            People

            Assignee:
            oana.tanasoiu Oana Tanasoiu
            Reporter:
            oana.tanasoiu Oana Tanasoiu
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support