Clock skew failures in selftest

Andrew Bartlett abartlet at
Fri Jul 13 05:57:07 UTC 2018

I was thinking about why we might be seeing errors like this:

[789(4384)/888 at 1h12m28s]
GSS client Update(krb5)(1) Update failed:  Miscellaneous failure (see
text): Clock skew too great
REASON: Exception: Exception: Traceback (most recent call last):
"/memdisk/abartlet/a/b409336/samba/source4/dsdb/tests/python/ldap_schem", line 1173, in test_generated_mAPIID
  File "bin/python/samba/", line 241, in modify_ldif
    self.modify(msg, controls)
LdbError: (3, 'ldb_wait from (null) with LDB_WAIT_ALL: Time limit
exceeded (3)')

For the first part (krb5):

We run with lockskew = 5 in the krb5.conf of the test client, and I
think what his happening here isn't that the packet takes 5 seconds to
get to the client, it is that if there is DB locking then the packet
takes 5 seconds inside the KDC.

Because the kdc time is set (by Samba, in the packet read handler)
before the KDC process() routine runs, if the LDB layer blocks on a
lock, the ticket can be expired before it leaves the server. 

The second message suggests the same thing, that something had the DB
locked for quite some time.

Andrew Bartlett
Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT
-------------- next part --------------
An embedded message was scrubbed...
From: autobuild at
Subject: autobuild[master] failure on sn-devel-144 for task samba during test
Date: Fri, 13 Jul 2018 07:40:41 +0200
Size: 6569
URL: <>

More information about the samba-technical mailing list