[cifs-protocol] [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Stefan Metzmacher metze at samba.org
Tue Aug 4 10:37:20 UTC 2020

Hi Bryan,

> Thank you for the question.  We created SR 120080321001822 To track this issue.  An engineer will contact you soon.

Thanks! Note the lifetime of the krb5 service tickets seems to be 1
hour, maybe that's related.

For SMB2 connections there's also a relationship to the lifetime of the
krb5 service ticket, before the server starts returning

Maybe the LDAP server is doing something similar.


> -----Original Message-----
> From: Stefan Metzmacher <metze at samba.org> 
> Sent: Monday, August 3, 2020 7:54 AM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: [EXTERNAL] LDAP connections have hard timelimit of one hour?
> Hi DocHelp,
> I just debugged a problem where a Windows AD DC send the following message after exactly 1 hour:
>  LDAPMessage extendedResp(0) (The server has timed out this connection)
>      messageID: 0
>      protocolOp: extendedResp (24)
>      extendedResp
>      resultCode: unavailable (52)
>      matchedDN:
>      errorMessage: The server has timed out this connection
> The connection was used at least every minute and the last success was returned 2 seconds before this.
> These are Windows 2019 DCs, is this special to them, or does this happen with any Windows Version?
> I can't find anything related in [MS-ADTS]
> Can you clarify this?
> Thanks!
> metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20200804/509a7843/signature.sig>

More information about the cifs-protocol mailing list