[PATCHES] Handle expired sessions in winbindd

Stefan Metzmacher metze at samba.org
Fri Jan 8 17:33:48 UTC 2016


Hi Christof,

>> The attached patches catch the error and retry the same request on a
>> new
>> connection. The first patch is a hack to use the admember selftest
>> environment for some testing. I was not sure of the best approach of
>> getting some test coverage here. Maybe change the config of admember
>> to
>> use short-lived tickets, or create a new admember2 environment that
>> uses
>> a short ticket lifetime.
> 
> This approach is reasonable enough, and ad_dc doesn't have multiple DCs
> in it, so you can just change that one KDC.  However changing from
> ad_dc_ntvfs to ad_dc will change some other things, perhaps fixing some
> of the winbind flapping tests actually, because different other tests
> will have run against it. 

I think for testing we need to change the client,
as we do in the smb2.session.expire1 test.

So winbindd should just ask for short tickets, instead of
changing the kdc. So the admember env would be ok for that.

The patches look mostly good, but I haven't looked at the
retry logic for the ad backend in detail.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160108/182179d3/signature.sig>


More information about the samba-technical mailing list