Clock skew failures in selftest
Andrew Bartlett
abartlet at samba.org
Fri Jul 13 05:57:07 UTC 2018
I was thinking about why we might be seeing errors like this:
[789(4384)/888 at 1h12m28s]
samba4.ldap_schema.python(ad_dc_ntvfs)(ad_dc_ntvfs)
GSS client Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Clock skew too great
UNEXPECTED(error):
samba4.ldap_schema.python(ad_dc_ntvfs).__main__.SchemaTests.test_genera
ted_mAPIID(ad_dc_ntvfs)
REASON: Exception: Exception: Traceback (most recent call last):
File
"/memdisk/abartlet/a/b409336/samba/source4/dsdb/tests/python/ldap_schem
a.py", line 1173, in test_generated_mAPIID
self.ldb.modify_ldif(ldif)
File "bin/python/samba/__init__.py", line 241, in modify_ldif
self.modify(msg, controls)
LdbError: (3, 'ldb_wait from (null) with LDB_WAIT_ALL: Time limit
exceeded (3)')
For the first part (krb5):
We run with lockskew = 5 in the krb5.conf of the test client, and I
think what his happening here isn't that the packet takes 5 seconds to
get to the client, it is that if there is DB locking then the packet
takes 5 seconds inside the KDC.
Because the kdc time is set (by Samba, in the packet read handler)
before the KDC process() routine runs, if the LDB layer blocks on a
lock, the ticket can be expired before it leaves the server.
The second message suggests the same thing, that something had the DB
locked for quite some time.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
An embedded message was scrubbed...
From: autobuild at samba.org
Subject: autobuild[master] failure on sn-devel-144 for task samba during test
Date: Fri, 13 Jul 2018 07:40:41 +0200
Size: 6569
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180713/6e421675/attachment.mht>
More information about the samba-technical
mailing list