[Samba] Debugging TLS Retry Handshake errors
Kris Lou
klou at themusiclink.net
Wed Sep 26 18:33:49 UTC 2018
So, I'm using Samba AD for user authentication by some web appliances,
using LDAPS over port 636. I've been doing this for quite a while -- and
my certificates and everything seem to check out.

But this week (and with one appliance -- my firewall), I'm finding that
maybe 3/20 times the bind will fail for perhaps 10 seconds. During this
time, the logs read (for each failure):

[2018/09/26 11:05:52.824630, 1] ../source4/lib/tls/tls_tstream.c:1439(tstream_tls_retry_handshake)
  TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been received.

I've repointed authentication to a single server (instead of using DNS
round robin that apparently didn't work -- different issue), and manually
spammed auth tests, which is how I was able to grab the above errors. And
by manually, that's by clicking the "test authentication button", so no
more than 3 times per 2 seconds (depends upon result speed).

Does anybody have any suggestions for debugging this further?

I don't have any "tls *" settings in my smb.conf, except the standard
cafile/certfile/keyfile.

Thanks,

Kris Lou
klou at themusiclink.net