On an AD server, the "hosts allow" parameter has an unexpected behavior. It seems that it also applies to the local unix socket, and if one does not add LOCAL/unixdom to the allow list, MS-RPC (RSAT ADUC, etc.) does not work.
For example, the following line makes ADUC NOT behave properly:
hosts allow = 192.168.201. 192.168.202. 127. localhost
Adding LOCAL/unixdom makes it work:
hosts allow = 192.168.201. 192.168.202. 127. localhost LOCAL/unixdom
Using the hosts allow line without the LOCAL/unixdom parameter, one gets this kind of error in the samba log:
[2022/05/02 17:08:37.619702, 0] ../../lib/util/access.c:316(allow_access)
Denied connection from LOCAL/unixdom (LOCAL/unixdom)
There have been a few posts about this issue in the past.
We seldom use the "hosts allow" parameter, and we bumped into that issue when re-using an existing configuration from a client.
This might be another bug entry, but FWIW the "hosts allow" parameter seems not to apply to internal DNS queries, i.e. a client computer can make DNS queries to the internal DNS server even if it is not in the "hosts allow" list.
Question: do you think "LOCAL/unixdom" should be implicitly added here to hosts allow processing? I'd like your opinion on what you think the correct fix here should be.
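As an added check (example code written for this note, not Samba's own code and not the reporter's), here is a small Python script that lints an smb.conf for the configuration described above and pulls the allow_access() denials out of a Samba log. The smb.conf fragments and the second log line are constructed; only the two hosts allow values and the first log line come from the report. address_allowed() models only the trailing-dot prefix and localhost forms used above, not Samba's full hosts allow syntax, and is_ad_dc() matches only the full "active directory domain controller" spelling.

```python
import re

# Constructed smb.conf fragments for illustration (not the reporter's real files);
# the two "hosts allow" values are the ones quoted in the report above.
SMB_CONF_BROKEN = """\
[global]
    server role = active directory domain controller
    hosts allow = 192.168.201. 192.168.202. 127. localhost
"""

SMB_CONF_FIXED = """\
[global]
    server role = active directory domain controller
    hosts allow = 192.168.201. 192.168.202. 127. localhost LOCAL/unixdom
"""

# Constructed log excerpt: first denial is the one quoted in the report,
# the second is an invented remote client to show the filter is generic.
SAMPLE_LOG = """\
[2022/05/02 17:08:37.619702, 0] ../../lib/util/access.c:316(allow_access)
  Denied connection from LOCAL/unixdom (LOCAL/unixdom)
[2022/05/02 17:09:01.000000, 0] ../../lib/util/access.c:316(allow_access)
  Denied connection from 10.0.0.7 (10.0.0.7)
"""

# Token the report says must be present for local unix-socket (MS-RPC)
# connections on an AD DC to pass "hosts allow".
UNIX_SOCKET_TOKEN = "LOCAL/unixdom"


def parse_hosts_allow(conf_text):
    """Return the whitespace-separated tokens of the [global] 'hosts allow'
    value, or [] if the parameter is not set (i.e. no restriction)."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "hosts allow":
            return value.split()
    return []


def is_ad_dc(conf_text):
    """True if 'server role' is spelled out as an AD domain controller
    (assumption: only this full spelling is checked, not Samba's synonyms)."""
    for raw in conf_text.splitlines():
        key, _, value = raw.strip().partition("=")
        if key.strip().lower() == "server role":
            return value.strip().lower() == "active directory domain controller"
    return False


def unix_socket_allowed(tokens):
    """True if the exact LOCAL/unixdom token is in the allow list."""
    return UNIX_SOCKET_TOKEN in tokens


def address_allowed(tokens, addr):
    """Simplified matcher covering only the forms used in the report:
    a trailing-dot prefix such as '192.168.201.' and the word 'localhost'.
    Samba's full syntax (netmasks, hostnames, EXCEPT) is not modelled."""
    for tok in tokens:
        if tok == "localhost" and addr.startswith("127."):
            return True
        if tok.endswith(".") and addr.startswith(tok):
            return True
    return False


def check_conf(conf_text):
    """Lint: on an AD DC, a 'hosts allow' list that omits LOCAL/unixdom is
    the configuration the report shows breaking ADUC / MS-RPC."""
    tokens = parse_hosts_allow(conf_text)
    if not tokens:
        return "ok: 'hosts allow' not set, no restriction"
    if not is_ad_dc(conf_text):
        return "skipped: not an AD DC (the report concerns AD DCs)"
    if unix_socket_allowed(tokens):
        return "ok: LOCAL/unixdom present"
    return "warning: AD DC 'hosts allow' omits LOCAL/unixdom (unix-socket MS-RPC will be denied)"


# Matches the allow_access() denial line quoted in the report.
DENIED_RE = re.compile(r"Denied connection from (\S+) \((\S+)\)")


def denied_sources(log_text):
    """Return the source names from allow_access() denial lines in a Samba log."""
    return [m.group(1) for m in DENIED_RE.finditer(log_text)]


if __name__ == "__main__":
    for name, conf in (("broken", SMB_CONF_BROKEN), ("fixed", SMB_CONF_FIXED)):
        print(f"{name}: {check_conf(conf)}")
    sources = denied_sources(SAMPLE_LOG)
    print("denied sources in log:", sources)
    if UNIX_SOCKET_TOKEN in sources:
        print("log shows the unix-socket denial described in the report")
```

Run it against a real smb.conf and log by replacing the constructed strings with file contents; a "warning" from check_conf() together with LOCAL/unixdom in denied_sources() is the combination the report describes.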