[Pkg-samba-maint] Bug#459972: winbind: want to limit libnss_wins checks to WINS (no broadcasting)

Steve Langasek vorlon at debian.org
Wed Jan 9 22:44:00 UTC 2008 

On Wed, Jan 09, 2008 at 05:23:34PM -0500, Matt Swift wrote:
> Package: winbind
> Version: 3.0.24-6etch9
> Severity: wishlist

> I have some Windows hosts connected to a Debian host via a routed
> OpenVPN interface.  The names of these hosts can be resolved through
> WINS (Samba running on the Debian host), but not through the Debian
> name resolution sequence unless I install winbind and include "wins"
> in the "hosts:" line of /etc/nsswitch.conf.  Doing that works fine,
> but there is a significant penalty: a Debian lookup for a nonexistent
> name now takes several orders of magnitude longer, e.g., 1.8 seconds
> instead of .004 seconds.  The reason for the delay is that if a name
> reaches the "wins" method and is a miss in the WINS server, the "wins"
> method always attempts to resolve the name with a broadcast, and this
> takes a relatively long time to fail.

> It is therefore my wishlist request to be able to configure Debian to
> resolve names with a WINS lookup but avoid superfluous broadcasting
> for names.  "Superfluous" in my case (and it must be common) means
> broadcasts for all but single-label unqualified names (more
> specifically, valid Netbios names, e.g., <15 chars).  This could be
> done any of several ways, but it would be ideal to be able to
> configure the "wins" method to return failure immediately on lookups
> of anything but a valid Netbios name.  This requires examining and
> parsing the name query, however.  It would work nearly as well to be
> able to write an /etc/nsswitch.conf that specifies only WINS lookups
> and never broadcasts, since I don't expect ever to find a host via
> broadcast that isn't already in the WINS database.  This remedy ought
> to be relatively easy to implement: since the WINS lookup and the
> broadcast are separate phases anyway, skipping one should be easy.
> One could implement new methods "winsonly" and "winsbroadcast" while
> retaining legacy "wins" meaning "winsonly winsbroadcast".
> Alternatively, if the WINS server is already aware of the Samba config
> value of "name resolve order" then this value could determine the
> behavior of the "wins" method in /etc/nsswitch.conf.

Just to confirm, are you saying that setting "name resolve order = wins" in
/etc/samba/smb.conf does not fix this timeout problem for you?

I don't think it makes sense to have nss_wins exposing different behavior to
the system than is used by Samba itself; but if it's not respecting the
smb.conf values, that's certainly a bug to be fixed IMHO.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the Pkg-samba-maint mailing list