Bug 854137

Summary: dnsmasq option filterwin2k prevents domain-integrated VMs from reaching the domain-controller
Product: [Community] Virtualization Tools Reporter: frank
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: dyasny, laine
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-09 03:59:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description frank 2012-09-04 07:25:29 UTC 
Description of problem:
libvirt runs the dnsmasq process for virtual networks with the option "filterwin2k" which should prevent windows machines to trigger dial-on-demand lines by filtering domain-traffic. But this also prevents windows machines to reach a domain-controller if they're part of the domain. As workaround you can configure the domain-controller as dns-server manually, but that's actually not what you want in an dhcp-enabled network.
Please add a way to disable the "filterwin2k" flag, so it's possible to have domain-integrated VMs work without manual configuration of the network settings.

Version-Release number of selected component (if applicable):
libvirt 0.10.1-1

How reproducible:
Install Win2k/XP/7 as VM in an dhcp-enabled virtual network and add it to a domain. Domain-Controller won't be reached for domain-login, automatic share mapping etc until you configure the domain-controller as dns-server manually

Steps to Reproduce:
1. Install Win2k/XP77 as VM in an dhcp-enabled virtual network
2. Join a Domain
3. Try to login with domain-account
4. Configure network card to use the domain-controller as dns-server
5. Try to login with domain-account
  
Actual results:
In step 3, login should fail. In step 5, it'll work.

Expected results:
Login should work in step 3
Comment 1 Laine Stump 2012-09-09 03:59:04 UTC 
This extra option was inadvertantly/incorrectly added in a patch just prior to 0.10.1. It has subsequently been removed with the following patch, so it will be fixed in the next upstream release:

commit f20b7dbe633acf7df9921027c6ca4f0b97918c8c
Author: Gene Czarcinski <gene>
Date:   Thu Sep 6 12:08:22 2012 -0400

    remove dnsmasq command line parameter "--filterwin2k"
    
    This patch removed the "--filterwin2k" dnsmasq command line
    parameter which was unnecessary for domain specification,
    possibly blocked some usage, and was command line clutter.