Bug 8860 - "allow hosts = ..." not working with hostnames / netgroups
Summary: "allow hosts = ..." not working with hostnames / netgroups
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.6.4
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-12 16:21 UTC by Neil Hoggarth
Modified: 2021-08-05 12:23 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Neil Hoggarth 2012-04-12 16:21:32 UTC
I am attempting to replace an old Samba 3.0.26a file/print server with Samba 3.6.4, in response to CVE-2012-1182.

The existing configuration makes extensive use of NIS netgroups for access control.

I'm finding that "allow hosts =" restrictions which use hostnames (either directly or by way of netgroups of hostnames) result in access checks always being denied. The log.smbd file contains entries like this:

[2012/04/12 17:01:27.421878,  0] lib/access.c:338(allow_access)
  Denied connection from 163.1.250.222 (163.1.250.222)

So it looks like an IP address is being passed into the access check routines where a hostname is expected.

I rechecked the documentation and discovered the "hostname lookups" option, but setting that to "yes" hasn't changed the symptoms.

The server that I'm trying to do this on is an x86-64 machine running openSUSE 10.3, but I've also reproduced the same problem on Ubuntu 08.04.4.
Comment 1 Jeremy Allison 2012-04-18 20:27:01 UTC
It's possible the netgroups access control code might have rotted. It's not a widely used configuration.

Can you attach a debug level 10 log so we can investigate ?

Jeremy.
Comment 2 Volker Lendecke 2021-08-05 12:23:16 UTC
No feedback, and if I see it correctly, proper netgroup support was removed with 620de975f147ac942 in April 2021. Closing this as WONTFIX.