Bug 8860 - "allow hosts = ..." not working with hostnames / netgroups
"allow hosts = ..." not working with hostnames / netgroups
Status: NEW
Product: Samba 3.6
Classification: Unclassified
Component: File services
3.6.4
All All
: P5 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-12 16:21 UTC by Neil Hoggarth
Modified: 2012-04-18 20:27 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Neil Hoggarth 2012-04-12 16:21:32 UTC
I am attempting to replace an old Samba 3.0.26a file/print server with Samba 3.6.4, in response to CVE-2012-1182.

The existing configuration makes extensive use of NIS netgroups for access control.

I'm finding that "allow hosts =" restrictions which use hostnames (either directly or by way of netgroups of hostnames) result in access checks always being denied. The log.smbd file contains entries like this:

[2012/04/12 17:01:27.421878,  0] lib/access.c:338(allow_access)
  Denied connection from 163.1.250.222 (163.1.250.222)

So it looks like an IP address is being passed into the access check routines where a hostname is expected.

I rechecked the documentation and discovered the "hostname lookups" option, but setting that to "yes" hasn't changed the symptoms.

The server that I'm trying to do this on is an x86-64 machine running openSUSE 10.3, but I've also reproduced the same problem on Ubuntu 08.04.4.
Comment 1 Jeremy Allison 2012-04-18 20:27:01 UTC
It's possible the netgroups access control code might have rotted. It's not a widely used configuration.

Can you attach a debug level 10 log so we can investigate ?

Jeremy.