[cifs-protocol] [REG:120080321001822] LDAP connections have hard timelimit of one hour?

Stefan Metzmacher metze at samba.org
Thu Aug 6 10:16:32 UTC 2020


On 06.08.20 at 10:53, Stefan Metzmacher via cifs-protocol wrote:
> On 04.08.20 at 21:27, Stefan Metzmacher wrote:
>> On 04.08.20 at 12:37, Stefan Metzmacher via cifs-protocol wrote:
>>> Hi Bryan,
>>>
>>>> Thank you for the question. We created SR 120080321001822 to track this issue. An engineer will contact you soon.
>>>
>>> Thanks! Note the lifetime of the krb5 service tickets seems to be 1
>>> hour, maybe that's related.
>>>
>>> For SMB2 connections there's also a relationship to the lifetime of the
>>> krb5 service ticket, before the server starts returning
>>> NT_STATUS_SESSION_EXPIRED.
>>>
>>> Maybe the LDAP server is doing something similar.
>>
>> I was able to reproduce this with a client asking for a ticket lifetime
>> of just 4 seconds.
>>
>> It would be good to get that documented and how a client should
>> handle that.
> 
> We found that this is related to RFC4511 section
> 4.4.1 Notice of Disconnection.
> 
> While testing we found that Windows Servers have a cleanup timer that
> runs once a minute and closes any connection that's no
> longer valid (with just a TCP RST and without a Notice of Disconnection).
> 
> If a client sends a request in the time window of 0-59 seconds between
> the connection expiration and the cleanup timer, the client will
> get the Notice of Disconnection. Once the client sends the TCP ACK for
> that, Windows 2008R2 and 2012R2 seem to send an immediate TCP RST,ACK.
> Is it possible that Windows 2019 doesn't send that TCP RST?

One more detail question to this.

Is it possible to do a new bind in that 0-59 second window?
Similar to an SMB2 session setup reauth after getting
NT_STATUS_SESSION_EXPIRED?

Thanks!
metze
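
A client-side check for the RFC 4511 section 4.4.1 Notice of Disconnection discussed in this thread, as an added example that is not part of the original message or of Samba's code. It recognises the unsolicited ExtendedResponse (messageID 0, responseName 1.3.6.1.4.1.1466.20036) in a received LDAP PDU; the function names and the sample PDU, including its resultCode 52 and diagnostic text, are constructed and do not show what a Windows server actually sends.

```python
# Added example: recognise an RFC 4511 section 4.4.1 Notice of Disconnection.
NOTICE_OF_DISCONNECTION_OID = "1.3.6.1.4.1.1466.20036"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_notice_of_disconnection(pdu):
    """Return (resultCode, diagnosticMessage) for a Notice of Disconnection, else None."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(msg, 0)
    if tag != 0x02 or not msgid:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    # Unsolicited notification: messageID 0 carrying ExtendedResponse [APPLICATION 24].
    if int.from_bytes(msgid, "big", signed=True) != 0 or tag != 0x78:
        return None
    fields, pos = [], 0
    while pos < len(op):
        t, v, pos = read_tlv(op, pos)
        fields.append((t, v))
    # LDAPResult starts with resultCode (ENUMERATED), matchedDN, diagnosticMessage.
    if len(fields) < 3 or fields[0][0] != 0x0A:
        return None
    name = next((v for t, v in fields[3:] if t == 0x8A), b"")  # responseName [10]
    if name.decode("ascii", "replace") != NOTICE_OF_DISCONNECTION_OID:
        return None
    return int.from_bytes(fields[0][1], "big"), fields[2][1].decode("utf-8", "replace")

def tlv(tag, value):
    """Encode a short-form BER element (value shorter than 128 bytes)."""
    return bytes([tag, len(value)]) + value

# Constructed sample PDU: messageID 0, resultCode 52 (unavailable), constructed text.
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x78, tlv(0x0A, b"\x34") + tlv(0x04, b"")
    + tlv(0x04, b"constructed sample") + tlv(0x8A, NOTICE_OF_DISCONNECTION_OID.encode())))
```

A client that only sees the TCP RST described above never receives this PDU, so the same reconnect path has to cover a reset with no notice.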

