[PATCHES] Handle expired sessions in winbindd
jra at samba.org
Tue Jan 12 21:41:30 UTC 2016
On Fri, Jan 08, 2016 at 06:33:48PM +0100, Stefan Metzmacher wrote:
> Hi Christof,
> >> The attached patches catch the error and retry the same request on a
> >> new
> >> connection. The first patch is a hack to use the admember selftest
> >> environment for some testing. I was not sure of the best approach of
> >> getting some test coverage here. Maybe change the config of admember
> >> to
> >> use short-lived tickets, or create a new admember2 environment that
> >> uses
> >> a short ticket lifetime.
> > This approach is reasonable enough, and ad_dc doesn't have multiple DCs
> > in it, so you can just change that one KDC. However changing from
> > ad_dc_ntvfs to ad_dc will change some other things, perhaps fixing some
> > of the winbind flapping tests actually, because different other tests
> > will have run against it.
> I think for testing we need to change the client,
> as we do in the smb2.session.expire1 test.
> So winbindd should just ask for short tickets, instead of
> changing the kdc. So the admember env would be ok for that.
> The patches look mostly good, but I haven't looked at the
> retry logic for the ad backend in detail.
So I've reviewed these and the patches LGTM except
for the aptly named:
[PATCH 1/8] DONOTPUSH: Hack admember selftest to have winbind receive SESSION_EXPIRED
:-). They certainly clarify the retry logic a lot,
and make the ads methods matchthe logic in
If I don't hear otherwise I'll push patches
2-8 in the next day or so !
More information about the samba-technical