Bug 854137 - dnsmasq option filterwin2k prevents domain-integrated VMs from reaching the domain-controller
dnsmasq option filterwin2k prevents domain-integrated VMs from reaching the d...
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
All Linux
unspecified Severity low
: ---
: ---
Assigned To: Libvirt Maintainers
Depends On:
  Show dependency treegraph
Reported: 2012-09-04 03:25 EDT by frank
Modified: 2012-09-08 23:59 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-09-08 23:59:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description frank 2012-09-04 03:25:29 EDT
Description of problem:
libvirt runs the dnsmasq process for virtual networks with the option "filterwin2k" which should prevent windows machines to trigger dial-on-demand lines by filtering domain-traffic. But this also prevents windows machines to reach a domain-controller if they're part of the domain. As workaround you can configure the domain-controller as dns-server manually, but that's actually not what you want in an dhcp-enabled network.
Please add a way to disable the "filterwin2k" flag, so it's possible to have domain-integrated VMs work without manual configuration of the network settings.

Version-Release number of selected component (if applicable):
libvirt 0.10.1-1

How reproducible:
Install Win2k/XP/7 as VM in an dhcp-enabled virtual network and add it to a domain. Domain-Controller won't be reached for domain-login, automatic share mapping etc until you configure the domain-controller as dns-server manually

Steps to Reproduce:
1. Install Win2k/XP77 as VM in an dhcp-enabled virtual network
2. Join a Domain
3. Try to login with domain-account
4. Configure network card to use the domain-controller as dns-server
5. Try to login with domain-account
Actual results:
In step 3, login should fail. In step 5, it'll work.

Expected results:
Login should work in step 3
Comment 1 Laine Stump 2012-09-08 23:59:04 EDT
This extra option was inadvertantly/incorrectly added in a patch just prior to 0.10.1. It has subsequently been removed with the following patch, so it will be fixed in the next upstream release:

commit f20b7dbe633acf7df9921027c6ca4f0b97918c8c
Author: Gene Czarcinski <gene@czarc.net>
Date:   Thu Sep 6 12:08:22 2012 -0400

    remove dnsmasq command line parameter "--filterwin2k"
    This patch removed the "--filterwin2k" dnsmasq command line
    parameter which was unnecessary for domain specification,
    possibly blocked some usage, and was command line clutter.

Note You need to log in before you can comment on or make changes to this bug.