domain join stuck at krb5_get_init_creds_password

Shilpa K shilpa.krishnareddy at
Fri Apr 30 00:35:29 UTC 2021

Hi Jeremy,

Hemidal has refactored lot of code in send_to_kdc.c even for timeout with
connect. But, I found an earlier fix that addresses only the connect call
nonblocking and timeout. Below are the links for the fix that I used:


On Thu, Apr 29, 2021 at 11:09 PM Jeremy Allison <jra at> wrote:

> On Thu, Apr 29, 2021 at 06:07:12PM +0530, Shilpa K wrote:
> >Hi Jeremy,
> >
> >Thanks for the response. I do not have the network traces. In this case,
> we
> >were using 'net ads join -k' and 'net ads testuser -k'. But what I got to
> >know was that there was a firewall for one of the KDCs and Samba tried to
> >connect to it and the function krb5_sendto() got blocked in connect(). It
> >appears like the timeout value for connect() was 60seconds. As there were
> >multiple attempts to connect(), it added to the delay. I tested a fix from
> >heimdal which uses non blocking connect with timeout and this seems to
> help.
> Can you point me at the upstream heimdal fix so I can look into
> adding this to our version ?
> Thanks,
> Jeremy.

More information about the samba-technical mailing list