domain join stuck at krb5_get_init_creds_password
Shilpa K
shilpa.krishnareddy at gmail.com
Fri Apr 30 00:35:29 UTC 2021
Hi Jeremy,
Hemidal has refactored lot of code in send_to_kdc.c even for timeout with
connect. But, I found an earlier fix that addresses only the connect call
nonblocking and timeout. Below are the links for the fix that I used:
https://github.com/heimdal/heimdal/commit/842ca62336cd44b6ed1add2c93bf7a7649c58f08#diff-c65c9c2776f6f83857fdbc5546feeea98f2a1cb6cbd4ca087cfd9d16e67d367c
https://github.com/heimdal/heimdal/commit/3a30f3b0d1e0a00e5f9372092a7a9497c2f73e98#diff-c65c9c2776f6f83857fdbc5546feeea98f2a1cb6cbd4ca087cfd9d16e67d367c
Thanks,
Shilpa
On Thu, Apr 29, 2021 at 11:09 PM Jeremy Allison <jra at samba.org> wrote:
> On Thu, Apr 29, 2021 at 06:07:12PM +0530, Shilpa K wrote:
> >Hi Jeremy,
> >
> >Thanks for the response. I do not have the network traces. In this case,
> we
> >were using 'net ads join -k' and 'net ads testuser -k'. But what I got to
> >know was that there was a firewall for one of the KDCs and Samba tried to
> >connect to it and the function krb5_sendto() got blocked in connect(). It
> >appears like the timeout value for connect() was 60seconds. As there were
> >multiple attempts to connect(), it added to the delay. I tested a fix from
> >heimdal which uses non blocking connect with timeout and this seems to
> help.
>
> Can you point me at the upstream heimdal fix so I can look into
> adding this to our version ?
>
> Thanks,
>
> Jeremy.
>
More information about the samba-technical
mailing list