Your message dated Mon, 17 Jul 2017 20:45:31 +1200
with message-id <>
and subject line nss_wins uses winbind, which only does wins
has caused the Debian Bug report #459972,
regarding winbind: want to limit libnss_wins checks to WINS (no broadcasting)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Package: winbind
Version: 3.0.24-6etch9
Severity: wishlist

I have some Windows hosts connected to a Debian host via a routed
OpenVPN interface.  The names of these hosts can be resolved through
WINS (Samba running on the Debian host), but not through the Debian
name resolution sequence unless I install winbind and include "wins"
in the "hosts:" line of /etc/nsswitch.conf.  Doing that works fine,
but there is a significant penalty: a Debian lookup for a nonexistent
name now takes several orders of magnitude longer, e.g., 1.8 seconds
instead of .004 seconds.  The reason for the delay is that if a name
reaches the "wins" method and is a miss in the WINS server, the "wins"
method always attempts to resolve the name with a broadcast, and this
takes a relatively long time to fail.

It is therefore my wishlist request to be able to configure Debian to
resolve names with a WINS lookup but avoid superfluous broadcasting
for names.  "Superfluous" in my case (and it must be common) means
broadcasts for all but single-label unqualified names (more
specifically, valid Netbios names, e.g., <15 chars).  This could be
done any of several ways, but it would be ideal to be able to
configure the "wins" method to return failure immediately on lookups
of anything but a valid Netbios name.  This requires examining and
parsing the name query, however.  It would work nearly as well to be
able to write an /etc/nsswitch.conf that specifies only WINS lookups
and never broadcasts, since I don't expect ever to find a host via
broadcast that isn't already in the WINS database.  This remedy ought
to be relatively easy to implement: since the WINS lookup and the
broadcast are separate phases anyway, skipping one should be easy.
One could implement new methods "winsonly" and "winsbroadcast" while
retaining legacy "wins" meaning "winsonly winsbroadcast".
Alternatively, if the WINS server is already aware of the Samba config
value of "name resolve order" then this value could determine the
behavior of the "wins" method in /etc/nsswitch.conf.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-13etch3-corax-1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages winbind depends on:
ii  add 3.102                                Add and remove users and groups
ii  lib 2.6.1-1                              GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-7etch4                         MIT Kerberos runtime libraries
ii  lib 2.1.30-13.3                          OpenLDAP libraries
ii  lib 0.79-5                               Pluggable Authentication Modules l
ii  lib 1.10-3                               lib for parsing cmdline parameters
ii  lsb 3.1-23.2etch1                        Linux Standard Base 3.1 init scrip
ii  sam 3.0.24-6etch9                        Samba common files used by both th

winbind recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Version: 4.2.0


nss_wins now uses winbindd (not direct socket access), and that only
does a WINS lookup, not a broadcast lookup.

Samba 4.2.14 was forced into all supported releases by the 'badlock'
fixes a year ago.


Andrew Bartlett
Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

--- End Message ---

Reply via email to