libsmb/namequery.c problems ...

Richard Sharpe rsharpe at ns.aus.com
Sat May 4 22:40:02 GMT 2002 

On Sat, 4 May 2002, Nathan Lutchansky wrote:

> On Sat, May 04, 2002 at 05:09:12PM +0930, Richard Sharpe wrote:
> > In tracking down some problems with winbindd I have noticed that 
> > namequery.c does not handle multiple IP addresses at all if a DC has 
> > multiple IP addresses (in DNS, and the DNS name is given in passwd server 
> > in the smb.conf).
> 
> This is true...  The namequery code is kind of a mess; it is hard to tell 
> which types of name resolution are capable of returning multiple 
> addresses.  NMB lookups can return multiple addresses for the DC but not 
> for hosts.  LMHOSTS and DNS lookups will only return one address even 
> though you would expect they should return multiple addresses.  Of course, 
> if you list multiple addresses in the password server directive, you get 
> multiple hosts, but only one IP per listed host.

Yes.
 
> > I suspect that this will not cause a problem if the DC has multiple 
> > adapters that are all configured and working, but if the DC has aliases, 
> > this will cause a problem because cm_get_dc_name in winbindd_cm.c calls 
> > get_dc_ip, which only returns one IP, which might be the IP of the alias. 
> 
> Why are you putting multiple IP addresses for the same DC in DNS?

Ummm, I didn't. Win2K with its dynamic DNS updating did.

>   It 
> sounds like the Windows server doesn't expect you to do this.  Samba 
> expects that each of the IP addresses it receives from get_dc_list will be 
> independent DCs.

Well, perhaps not. I think that the code was also designed to handle a 
multi-homed DC.

> > cm_get_dc_name then goes on to do a WINS request against the returned IP, 
> > but Windows seems not to listen for WINS requests against anything other 
> > than the primary IP address of the adapter.
> 
> How do Windows clients behave?  Do they somehow "know" the correct address 
> of the DC?

Windows clients send out a GetDC request to the NetLogon named pipe. We 
don't, at present.

> > This will cause painfully inexplicable results for some DCs and not 
> > others, however, it is going to require some work in namequery.c to fix.
> 
> I'm working in putting IPv6 support in Samba, which in part requires 
> changing much of the networking code to operate on address lists rather 
> than assuming that each host is identified by a single address.  This 
> should fix the multiple-IPs-per-server problem, but for this case I'm not 
> sure it will help you since the Windows server behaves differently 
> depending on which address you talk to.

OK. Sounds good. However, I need a solution now.

> The solution for your problem, I think, is to configure Samba with either
> an IP address for the DC or a DNS name that resolves to only the primary
> address.  -Nathan

Ummm, I can't. I am building something that will be installed at customer 
sites. I cannot dictate what the customer should do.


-- 
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

More information about the samba-technical mailing list