FW: Winbindd timeout on unreachable domains

Lin Li linl at xandros.com
Thu Feb 19 14:58:39 GMT 2004

> On Thu, 2004-02-19 at 22:39, ww m-pubsyssamba wrote:

>> Hi Andrew,
>> 	thanks for your reply, please see my comments below,

>> ## My test forest has only two DCs so I don't think there's much that can go wrong in such a simple
>> ## environment, (exact timeout is actually consistently 3mins 50seconds). However I'm going to test
>> ## this in our live environment over the weekend by isolating a DC and samba server from the rest of
>> ## the network so I'll see for real how bad this will be with many trusted domains.

> The thing that would benefit me most would probably be a network trace. 
> (To me personally would probably be best).

> What I'm trying to pin down is 'what is waiting'.  If it is LDAP
> connect() calls, then we might consider using code we already have to
> make the LDAP connection attempt time-out sooner - likewise, there are
> configuration settings in resolv.conf, for how long a DNS query may take
> to timeout.

> Andrew Bartlett

In fact I have logged a bug (#704) for this. It's doing ads_try_connect(). My solution is to use ldap_init() instead of ldap_open() and set a small timeout using ldap_set_option(). Here is my patch (I'm using 3.0.0) and it works in my test.
+       struct timeval timeout;

        if (!server || !*server) {
                return False;
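
Review bot: the new `struct timeval timeout;` local is declared unconditionally, while LDAP_OPT_NETWORK_TIMEOUT, the option it feeds later in the patch, is not offered by every LDAP client library. If the ldap_set_option() call is wrapped in `#ifdef LDAP_OPT_NETWORK_TIMEOUT`, put this declaration inside the same guard so that other builds neither fail nor warn about an unused variable.
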
@@ -58,11 +59,15 @@
        /* this copes with inet_ntoa brokenness */
        srv = strdup(server);

-       ads->ld = ldap_open(srv, port);
+       ads->ld = ldap_init(srv, port);
        if (!ads->ld) {
                return False;
+       timeout.tv_sec = 15;
+       timeout.tv_usec = 0;
+       ldap_set_option(ads->ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
        ads->ldap_port = port;
        ads->ldap_ip = *interpret_addr2(srv);
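
Review bot: at `ads->ld = ldap_init(srv, port);` the handle is now created without contacting the server, so the `if (!ads->ld)` check that follows no longer detects an unreachable DC and the failure surfaces at the first LDAP operation instead; callers that treat a True return from this function as "connected" need to be checked. The return value of ldap_set_option() is ignored, so a library that rejects the option silently keeps the old long timeout; test the result and log a failure. The 15-second value is hard-coded; a named constant or a configuration parameter would make it tunable for sites with many trusted domains.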


Xandros Corporation
Simple. Powerful. Linux.
Visit us at http://www.xandros.com
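
The idea discussed in this thread, shown at socket level as an added example (not part of the original message and not Samba code): a non-blocking connect() bounded by poll(), so an attempt against an unreachable DC fails after a caller-chosen deadline instead of the kernel's default. `probe_tcp` is a hypothetical helper name, and IPv4 literals are assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper (not Samba code). Returns 0 if ip:port accepts a TCP
 * connection within timeout_ms, otherwise -1 with errno set
 * (ETIMEDOUT when the deadline passes, e.g. an unreachable DC). */
int probe_tcp(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa;
    struct pollfd pfd;
    int fd, rc, err = 0;
    socklen_t len = sizeof(err);

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) { errno = EINVAL; return -1; }

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    /* Non-blocking, so connect() returns at once instead of waiting for the
     * kernel's own SYN retry limit. */
    if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) < 0) { err = errno; goto out; }

    rc = connect(fd, (struct sockaddr *)&sa, sizeof(sa));
    if (rc < 0 && errno != EINPROGRESS) { err = errno; goto out; }
    if (rc < 0) {
        pfd.fd = fd; pfd.events = POLLOUT;
        /* An interrupted poll() is retried with the full timeout again. */
        do { rc = poll(&pfd, 1, timeout_ms); } while (rc < 0 && errno == EINTR);
        if (rc == 0) err = ETIMEDOUT;
        else if (rc < 0) err = errno;
        /* Writable does not mean connected: fetch the real result. */
        else if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) err = errno;
    }
out:
    close(fd);
    if (err) { errno = err; return -1; }
    return 0;
}
```
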
