Winbind hangs in ads_try_connect (SYN_SENT hang)
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jun 9 19:23:52 GMT 2003
All,
Not strictly a Samba bug, but definitely something it might want to
handle more gracefully.
For various reasons, a trusted domain of our main Win2K Active Directory
is running NT4, and one of the DCs has an IP registered in WINS which
isn't reachable (at least from where I am). This results in the
following in winbindd.log after doing a "wbinfo -m":
[2003/06/09 19:55:41, 10] libsmb/namequery.c:internal_resolve_name(926)
internal_resolve_name: returning 6 addresses: 192.168.52.11
192.168.52.25 192.168.52.10 192.168.62.246 192.168.62.241 192.168.62.245
[2003/06/09 19:55:41, 6] libads/ldap.c:ads_try_netbios(209)
ads_try_netbios: trying server '192.168.52.11'
[2003/06/09 19:55:41, 5] libads/ldap.c:ads_try_connect(53)
ads_try_connect: trying ldap server '192.168.52.11' port 389
The thing actually hangs inside "ldap_open" with the TCP socket in a
SYN_SENT state - strace shows:
write(4, " ads_try_connect: trying ldap s"..., 63) = 63
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 18
fcntl64(18, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(18, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(18, {sin_family=AF_INET, sin_port=htons(389),
sin_addr=inet_addr("192.168.52.11")}}, 16) = -1 EINPROGRESS (Operation
now in progress)
select(1024, NULL, [18], NULL, NULL
The following patch seems to correct it for me:
diff -uNr samba-3.0.0beta1/source/libads/ldap.c
samba-3.0.0beta1-patched/source/libads/ldap.c
--- samba-3.0.0beta1/source/libads/ldap.c 2003-06-07 18:57:33.000000000 +0100
+++ samba-3.0.0beta1-patched/source/libads/ldap.c 2003-06-09 20:12:22.000000000 +0100
@@ -45,6 +45,7 @@
static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server,
unsigned port)
{
char *srv;
+ struct timeval tv;
if (!server || !*server) {
return False;
@@ -55,11 +56,17 @@
/* this copes with inet_ntoa brokenness */
srv = strdup(server);
- ads->ld = ldap_open(srv, port);
+ ads->ld = ldap_init(srv, port);
if (!ads->ld) {
free(srv);
return False;
}
+ /* Set the network layer timeout
+ * for unreachable or buggy servers
+ */
+ tv.tv_sec = 15; /* should be configureable */
+ tv.tv_usec = 0;
+ ldap_set_option(ads->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
ads->ldap_port = port;
ads->ldap_ip = *interpret_addr2(srv);
free(srv);
However, I'm not sure the error handling logic elsewhere in libads may
be setup to handle errors that would otherwise have resulted from
ldap_open actually failing to make the connection.
I note that ldap_open is listed as "deprecated" in the "ldap_open"
manpage on my RedHat 8 machine (OpenLDAP 2.0.27) in favour of
"ldap_init".
--
Regards,
Phil
+------------------------------------------+
| Phil Mayers |
| Network & Infrastructure Group |
| Information & Communication Technologies |
| Imperial College |
+------------------------------------------+
More information about the samba-technical
mailing list