Clock skew failures in selftest
abartlet at samba.org
Fri Jul 13 05:57:07 UTC 2018
I was thinking about why we might be seeing errors like this:
[789(4384)/888 at 1h12m28s]
GSS client Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Clock skew too great
REASON: Exception: Exception: Traceback (most recent call last):
a.py", line 1173, in test_generated_mAPIID
File "bin/python/samba/__init__.py", line 241, in modify_ldif
LdbError: (3, 'ldb_wait from (null) with LDB_WAIT_ALL: Time limit
For the first part (krb5):
We run with lockskew = 5 in the krb5.conf of the test client, and I
think what his happening here isn't that the packet takes 5 seconds to
get to the client, it is that if there is DB locking then the packet
takes 5 seconds inside the KDC.
Because the kdc time is set (by Samba, in the packet read handler)
before the KDC process() routine runs, if the LDB layer blocks on a
lock, the ticket can be expired before it leaves the server.
The second message suggests the same thing, that something had the DB
locked for quite some time.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
An embedded message was scrubbed...
From: autobuild at samba.org
Subject: autobuild[master] failure on sn-devel-144 for task samba during test
Date: Fri, 13 Jul 2018 07:40:41 +0200
More information about the samba-technical