11108 – Samba allows changing own DNS A Record by client request

Bug 11108 - Samba allows changing own DNS A Record by client request

Summary: Samba allows changing own DNS A Record by client request

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	DNS server (internal) (show other bugs)
Version:	4.1.16
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	4.3
Assignee:	Kai Blin
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-02-20 14:08 UTC by Tim Eberhardt
Modified:	2015-12-09 19:10 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Eberhardt 2015-02-20 14:08:27 UTC

We have a Samba 4.1.16 (Sernet packages) DC running under Ubuntu 14.04 and tested sssd's AD authentication on a Linux client (Ubuntu 14.04).

We made a mistake configuring sssd and set the DC's hostname under the ad_hostname setting (which should be the clients hostname). After that the DC was no longer working properly (no shares, kerberos, ...) because the registration of the client with the DC's hostname changed the DNS A record the DC itself.

IMO this should not be possible and samba should protect it's own DNS record against manipulation by client machines.

Comment 1 Andrew Bartlett 2015-08-10 03:21:48 UTC

Is this any different in Windows?  It would be good to work out the mechanism.

BTW, you can seriously damage a Samba or Windows AD DC by changing it's own password from a client joining with the same name (using the admin credentials).