[Samba] Debugging TLS Retry Handshake errors

Andrew Bartlett abartlet at samba.org
Thu Sep 27 01:13:08 UTC 2018

On Wed, 2018-09-26 at 18:01 -0700, Kris Lou wrote:
> Hi Andrew,
> Thanks for the response.  I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1.  And the actual CPU/ memory load is minimal - ~4%/6GB free.
> From the client side, I'm pretty sure my tests are PHP calling ldap_connect().
> It's not the end of the world, and so far, it's the only appliance or application that's affected.  Other tests with other web appliances don't exhibit the same issue, so I'm going to start pointing fingers there.  This one just happened to crop up this week (and this week only).
> Worst case scenario (if this doesn't work itself out ...), I change authentication from LDAPS to Radius.

FreeRADIUS -> ntlm_auth/libwbclient -> winbindd -> AD would be much
more efficient, despite the long chain, because all the connections can
be cached.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba mailing list