The Samba-Bugzilla – Bug 8860
"allow hosts = ..." not working with hostnames / netgroups
Last modified: 2012-04-18 20:27:01 UTC
I am attempting to replace an old Samba 3.0.26a file/print server with Samba 3.6.4, in response to CVE-2012-1182.
The existing configuration makes extensive use of NIS netgroups for access control.
I'm finding that "allow hosts =" restrictions which use hostnames (either directly or by way of netgroups of hostnames) result in access checks always being denied. The log.smbd file contains entries like this:
[2012/04/12 17:01:27.421878, 0] lib/access.c:338(allow_access)
Denied connection from 22.214.171.124 (126.96.36.199)
So it looks like an IP address is being passed into the access check routines where a hostname is expected.
I rechecked the documentation and discovered the "hostname lookups" option, but setting that to "yes" hasn't changed the symptoms.
The server that I'm trying to do this on is an x86-64 machine running openSUSE 10.3, but I've also reproduced the same problem on Ubuntu 08.04.4.
It's possible the netgroups access control code might have rotted. It's not a widely used configuration.
Can you attach a debug level 10 log so we can investigate ?