On an AD server, the "hosts allow" parameter has an unexpected behavior. It seems that it also applies to the local unix socket, and if one does not add LOCAL/unixdom to the allow list, MS-RPC (RSAT ADUC, etc.) does not work.

For example, the following line makes ADUC NOT behave properly:

    hosts allow = 192.168.201. 192.168.202. 127. localhost

Adding LOCAL/unixdom makes it work:

    hosts allow = 192.168.201. 192.168.202. 127. localhost LOCAL/unixdom

Using the hosts allow line without the LOCAL/unixdom parameter, one gets this kind of error in the samba log:

    [2022/05/02 17:08:37.619702, 0] ../../lib/util/access.c:316(allow_access)
      Denied connection from LOCAL/unixdom (LOCAL/unixdom)

There are a few posts about this issue from the past:

https://lists.samba.org/archive/samba/2017-July/209752.html
https://lists.samba.org/archive/samba/2013-April/172870.html
https://groups.google.com/g/mailing.unix.samba/c/RMpZvipfZPE

We seldom use the "hosts allow" parameter, and we bumped into this issue when re-using an existing configuration from a client.
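A small check for the condition reported above, added here as an illustration and not part of the original report or of Samba: it flags an smb.conf whose [global] "hosts allow" lacks LOCAL/unixdom and pulls the matching denials out of a log. The function names and sample strings are constructed for the example, and the case-insensitive token comparison is an assumption.

```python
import re

LOCAL_TOKEN = "LOCAL/unixdom"  # peer name as it appears in the reported log entry

def global_params(conf_text):
    """Return the [global] parameters of an smb.conf as {name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params["".join(name.lower().split())] = value.strip()
    return params

def lacks_local_unixdom(conf_text):
    """True when hosts allow is set but does not list LOCAL/unixdom."""
    p = global_params(conf_text)
    value = p.get("hostsallow", p.get("allowhosts"))  # "allow hosts" is a synonym
    if value is None:
        return False  # no allow list configured, nothing to miss
    tokens = re.split(r"[,\s]+", value.strip())
    # Assumption: the token is compared without regard to case.
    return LOCAL_TOKEN.lower() not in (t.lower() for t in tokens)

def local_denials(log_text):
    """Timestamps of log entries that deny the local unix socket peer."""
    hits, stamp = [], None
    for line in log_text.splitlines():
        m = re.match(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),", line)
        if m:
            stamp = m.group(1)  # header line carries the timestamp
        if "Denied connection from " + LOCAL_TOKEN in line:
            hits.append(stamp)
    return hits

# Constructed samples, built from the two settings and the log entry in the report.
BROKEN = "[global]\n\thosts allow = 192.168.201. 192.168.202. 127. localhost\n"
FIXED = "[global]\n\thosts allow = 192.168.201. 192.168.202. 127. localhost LOCAL/unixdom\n"
LOG = ("[2022/05/02 17:08:37.619702, 0] ../../lib/util/access.c:316(allow_access)\n"
       "  Denied connection from LOCAL/unixdom (LOCAL/unixdom)\n")

if __name__ == "__main__":
    print(lacks_local_unixdom(BROKEN), lacks_local_unixdom(FIXED), local_denials(LOG))
```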
Might be another bug entry, but FWIW the "hosts allow" parameter seems to not apply to internal DNS queries, i.e. a client computer can make DNS queries to the internal DNS server even if it is not in the "hosts allow" list.
Question - do you think "LOCAL/unixdom" should be implicitly added here to hosts allow processing? I'd like your opinion on what you think the correct fix here should be? Thanks!