[Pkg-samba-maint] Bug#459972: winbind: want to limit libnss_wins checks to WINS (no broadcasting)

Matt Swift debian-bugs at mattswift.net
Wed Jan 9 22:23:34 UTC 2008 

Package: winbind
Version: 3.0.24-6etch9
Severity: wishlist

I have some Windows hosts connected to a Debian host via a routed
OpenVPN interface.  The names of these hosts can be resolved through
WINS (Samba running on the Debian host), but not through the Debian
name resolution sequence unless I install winbind and include "wins"
in the "hosts:" line of /etc/nsswitch.conf.  Doing that works fine,
but there is a significant penalty: a Debian lookup for a nonexistent
name now takes several orders of magnitude longer, e.g., 1.8 seconds
instead of .004 seconds.  The reason for the delay is that if a name
reaches the "wins" method and is a miss in the WINS server, the "wins"
method always attempts to resolve the name with a broadcast, and this
takes a relatively long time to fail.

It is therefore my wishlist request to be able to configure Debian to
resolve names with a WINS lookup but avoid superfluous broadcasting
for names.  "Superfluous" in my case (and it must be common) means
broadcasts for all but single-label unqualified names (more
specifically, valid Netbios names, e.g., <15 chars).  This could be
done any of several ways, but it would be ideal to be able to
configure the "wins" method to return failure immediately on lookups
of anything but a valid Netbios name.  This requires examining and
parsing the name query, however.  It would work nearly as well to be
able to write an /etc/nsswitch.conf that specifies only WINS lookups
and never broadcasts, since I don't expect ever to find a host via
broadcast that isn't already in the WINS database.  This remedy ought
to be relatively easy to implement: since the WINS lookup and the
broadcast are separate phases anyway, skipping one should be easy.
One could implement new methods "winsonly" and "winsbroadcast" while
retaining legacy "wins" meaning "winsonly winsbroadcast".
Alternatively, if the WINS server is already aware of the Samba config
value of "name resolve order" then this value could determine the
behavior of the "wins" method in /etc/nsswitch.conf.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-13etch3-corax-1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages winbind depends on:
ii  add 3.102                                Add and remove users and groups
ii  lib 2.6.1-1                              GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-7etch4                         MIT Kerberos runtime libraries
ii  lib 2.1.30-13.3                          OpenLDAP libraries
ii  lib 0.79-5                               Pluggable Authentication Modules l
ii  lib 1.10-3                               lib for parsing cmdline parameters
ii  lsb 3.1-23.2etch1                        Linux Standard Base 3.1 init scrip
ii  sam 3.0.24-6etch9                        Samba common files used by both th

winbind recommends no packages.

-- no debconf information

More information about the Pkg-samba-maint mailing list