[cifs-protocol] [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Stefan Metzmacher metze at samba.org
Tue Aug 4 19:27:57 UTC 2020


Am 04.08.20 um 12:37 schrieb Stefan Metzmacher via cifs-protocol:
> Hi Bryan,
> 
>> Thank you for the question.  We created SR 120080321001822 To track this issue.  An engineer will contact you soon.
> 
> Thanks! Note the lifetime of the krb5 service tickets seems to be 1
> hour, maybe that's related.
> 
> For SMB2 connections there's also a relationship to the lifetime of the
> krb5 service ticket, before the server starts returning
> NT_STATUS_SESSION_EXPIRED.
> 
> Maybe the LDAP server is doing something similar.

I was able to reproduce this with a client asking for a ticket lifetime
of just 4 seconds.

It would be good to get that documented and how a client should
handle that.

metze

>> -----Original Message-----
>> From: Stefan Metzmacher <metze at samba.org> 
>> Sent: Monday, August 3, 2020 7:54 AM
>> To: Interoperability Documentation Help <dochelp at microsoft.com>
>> Cc: cifs-protocol at lists.samba.org
>> Subject: [EXTERNAL] LDAP connections have hard timelimit of one hour?
>>
>> Hi DocHelp,
>>
>> I just debugged a problem where a Windows AD DC send the following message after exactly 1 hour:
>>
>>  LDAPMessage extendedResp(0) (The server has timed out this connection)
>>      messageID: 0
>>      protocolOp: extendedResp (24)
>>      extendedResp
>>      resultCode: unavailable (52)
>>      matchedDN:
>>      errorMessage: The server has timed out this connection
>>
>> The connection was used at least every minute and the last success was returned 2 seconds before this.
>>
>> These are Windows 2019 DCs, is this special to them, or does this happen with any Windows Version?
>>
>> I can't find anything related in [MS-ADTS]
>>
>> Can you clarify this?
>>
>> Thanks!
>> metze
>>
> 
> 
> 
> _______________________________________________
> cifs-protocol mailing list
> cifs-protocol at lists.samba.org
> https://lists.samba.org/mailman/listinfo/cifs-protocol
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20200804/05738cd6/signature.sig>


More information about the cifs-protocol mailing list