Bug 11150 - udp traffic like cldap replies broken by multihomed setup
Summary: udp traffic like cldap replies broken by multihomed setup
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-11 09:14 UTC by Björn Jacke
Modified: 2015-06-11 14:58 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2015-03-11 09:14:48 UTC 
CLDAP requests are not always answered via the originating source IP address. A UDP reply via a different IP is usually discarded by the clients.

Apart from that this might also get blocked by firewall. We had the same problem already in nmbd with nbt netlogon packets.

Removing multihome network setups on Samba AD servers is the only way to work around this currently. Making level 10 log was not possible as we still can't use %I in smb.conf (bug #9898). But the problem is obious...
Comment 1 Jeremy Allison 2015-03-11 15:09:21 UTC 
Hmmm. Looking at the cldap server code, it seems to keep the tsocket around and pass it from receiver to reply functions.

Björn, can you give more of a hint showing what codepaths reply from a different address ?

Jeremy.
Comment 2 Björn Jacke 2015-03-13 09:15:56 UTC 
I'm not familiar with the code paths affecting this problem. I know metze did a lot of research and work on the UDP src address problem, maybe he can say something on this?
Comment 3 Stefan Metzmacher 2015-06-11 02:26:07 UTC 
Does it work with bind interfaces only = yes ?
Comment 4 Björn Jacke 2015-06-11 14:58:30 UTC 
> Does it work with bind interfaces only = yes ?

those setups were broken with

interfaces = lo, eth0
bind interfaces only = yes