[PATCH] Update masked_match in source4 to support IPv6 addresses (resend)
Heath Kehoe
heath at digitalartefacts.com
Thu Nov 10 20:09:25 UTC 2016
On 11/10/16 13:09, Jeremy Allison wrote:
> On Thu, Nov 10, 2016 at 01:02:30PM -0600, Heath Kehoe wrote:
>> We have an AD environment backed entirely by Samba4. We have a
>> remote location where I spun up a Samba4 instance and made it a DC.
>> The remote subnet is connected to our "main" subnet via VPN, with
>> both IPv4 and IPv6.
>>
>> I set up an AD Site for the remote location and assigned the
>> appropriate subnets (both v4 and v6) to it. However, a Windows
>> client at the remote location never associated with the correct site,
>> in that 'nltest /dsgetsite' always returned the default site. Also,
>> that client would sometimes use a DC at the main site; and worse,
>> clients at the main site sometimes bound to the DC at the remote
>> site's DC causing long login times.
>>
>> So I tracked down what Samba was doing to match a client to a site.
>> I found samdb_client_site_name() which in turn uses
>> socket_allow_access() which led to masked_match() in
>> source4/lib/socket/access.c that clearly only worked with IPv4
>> addresses. Since we are using IPv6, clients failed to be matched
>> to any site.
>>
>> So I ported the masked_match() that appears in source3 (which had
>> already been updated to support IPv6) over to source4, which resolves
>> (for us) the problem with sites.
> Oh good catch. I think the correct fix for this is to
> move the source3/ masked match to lib/util/access.c
> and make both source3 and source4 link against it though.
>
> If I create this patch can you test it for me ?
>
> Jeremy.
>
I can.
-heath
More information about the samba-technical
mailing list