While current documentation indicates that hosts is not a valid option for name resolve order and should instead be host, there are still references to the value hosts out there (https://www.samba.org/samba/docs/using_samba/ch07.html for example). From what I can tell, the code tries to permit either variant , but there is one check related to domain controller lookups with ads security that fails if the value hosts is used . The end result is winbind being unable to lookup the DCs for a domain and clients getting the error NT_STATUS_NO_LOGON_SERVERS. It looks like a commit from 2012 broke the value hosts from passing this check .
Can the second check be modified to also match the value hosts?
Please let me know if logs would be helpful. This problem is easily reproduced by setting name resolve order to hosts, clearing the cache with 'net cache flush' and restarting samba.
Created attachment 12252 [details]
git-am fix for master.
Nick, can you confirm this works for you ? If so I'll get it pushed to master and back-ported for 4.4.next, 4.3.next.