Bug 12002 - hosts not a valid value for name resolve order with ads security
Summary: hosts not a valid value for name resolve order with ads security
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.3.9
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-01 05:03 UTC by Nick Bertrand
Modified: 2016-07-01 20:14 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for master. (1.09 KB, patch)
2016-07-01 20:14 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Bertrand 2016-07-01 05:03:59 UTC
While current documentation indicates that hosts is not a valid option for name resolve order and should instead be host, there are still references to the value hosts out there (https://www.samba.org/samba/docs/using_samba/ch07.html for example). From what I can tell, the code tries to permit either variant [1], but there is one check related to domain controller lookups with ads security that fails if the value hosts is used [2]. The end result is winbind being unable to lookup the DCs for a domain and clients getting the error NT_STATUS_NO_LOGON_SERVERS. It looks like a commit from 2012 broke the value hosts from passing this check [3].

Can the second check be modified to also match the value hosts?

Please let me know if logs would be helpful. This problem is easily reproduced by setting name resolve order to hosts, clearing the cache with 'net cache flush' and restarting samba.

Thanks,

Nick Bertrand

[1] https://git.samba.org/?p=samba.git;a=blob;f=source3/libsmb/namequery.c;hb=812e07418eae036f079bec7835516a86ae89f86e#l2669
[2] https://git.samba.org/?p=samba.git;a=blob;f=source3/libsmb/namequery.c;hb=812e07418eae036f079bec7835516a86ae89f86e#l3076
[3] https://git.samba.org/?p=samba.git;a=blobdiff;f=source3/libsmb/namequery.c;h=e4dda166591aaf71a3356e734bc89bfa9521dcc0;hp=4c05e4f4189c2540b9c6d0edfaaf69e1cb55974c;hb=cf9bd1d9ed6db5d35d92816382edbadc217de792;hpb=8822b3b6628e82ce85cb20d2bbbe2d0664b9aa8f
Comment 1 Jeremy Allison 2016-07-01 20:14:58 UTC
Created attachment 12252 [details]
git-am fix for master.

Nick, can you confirm this works for you ? If so I'll get it pushed to master and back-ported for 4.4.next, 4.3.next.