[Samba] Debugging TLS Retry Handshake errors
Andrew Bartlett
abartlet at samba.org
Thu Sep 27 01:13:08 UTC 2018
On Wed, 2018-09-26 at 18:01 -0700, Kris Lou wrote:
> Hi Andrew,
>
> Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free.
>
> From the client side, I'm pretty sure my tests are PHP calling ldap_connect().
>
> It's not the end of the world, and so far, it's the only appliance or application that's affected. Other tests with other web appliances don't exhibit the same issue, so I'm going to start pointing fingers there. This one just happened to crop up this week (and this week only).
>
> Worst case scenario (if this doesn't work itself out ...), I change authentication from LDAPS to Radius.
FreeRADIUS -> ntlm_auth/libwbclient -> winbindd -> AD would be much
more efficient, despite the long chain, because all the connections can
be cached.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list