Bug 84822

Summary: Phoebe client takes over master browser/GC role on MS network
Product: [Retired] Red Hat Linux Reporter: Todd Booher <tbooher>
Component: sambaAssignee: Jay Fenlason <fenlason>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: bfox, djh, jfeeney, mitr
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-04-08 15:52:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Todd Booher 2003-02-21 18:36:23 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Description of problem:
After connecting a clean install of phoebe beta 3 to our lab
network, the client assumed the master browser role due to its
samba settings.  It also assumed the global catalog (GC) role
causing MS Exchange servers to be unable to do directory lookups
for routing email (they use GC's for this function).  Upon removing
the phoebe client from the network, normal operation of the master
browser and GC resumed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Connect a phoebe beta 3 client to a Windows 2000 network with Exchange 2000
2.Run netdom tool to verify who the master browser is on the network
3.Verify that mail is queing in the "Awaiting Directory Lookup" queue on the 
exchange servers.
4.Remove phoebe client and all network functions go back to normal.

Actual Results:  Network services were impaired due to failure of the master 
browser and global catalog.

Expected Results:  Phoebe client would not affect normal network functions by 
having the appropriate samba settings to not assume these roles.

Additional info:

The default samba config needs to be changed so that it does not
interfere with the normal network operations on an MS network.  The following 
settings should be used:

 local master = no
 os level = 0
 domain master = no
 preferred master = no
 domain logons = no
 wins support = no
 wins proxy = no
 dns proxy = no

Comment 1 Jay Fenlason 2003-03-06 20:40:19 UTC
The default configuration will never be appropriate for all environments.  You
need to set the browsing mastership appropriately for your network at the same
time you change the workgroup name, server comment, etc.

Instead of changing the default config, redhat-config-samba should have a
convenient panel for setting these important parameters.

Comment 2 Todd Booher 2003-03-06 20:47:06 UTC
I understand the default config will not meet everyone's 
particular layout but if it's left as is, it will create
a problem with network services.  I don't think Redhat want's
to see a a new article about how some user placed their
new Redhat pc on their corporate network and brought down
a number of services.  The changes I mentioned would still
allow the user to browse the network, just not take control
of it.

Obviously, it's Redhat's decision, I just would hate to see
it implemented like this since it will most likely cause people
a great deal of pain.

Comment 3 Brent Fox 2003-03-06 21:01:31 UTC
I agree with Todd...this default setting can cause problems with other computers
on the network.  We should always try to pick safe defaults.

There should be a way to configure this in redhat-config-samba but I also think
that we should try to pick defaults that will be right for the greatest number
of users.  

I'm willing to bet that the majority of people running samba do not use is as
the domain controller...they just want to share files with Windows machines.  
If this is true, then the majority of people using redhat-config-samba will have
to go "unbreak" their configuration.  We should make the common case as simple
as possible.

Comment 4 Jay Fenlason 2003-04-08 15:52:03 UTC
I changed the defaults for the next rawhide Samba build.  Now I'll just have to
field all the "Samba stopped working" bug reports from people who expect the old