[Samba] NEG_CONN_CACHE questions

Alexey A Nikitin nikitin at amazon.com
Wed May 27 19:54:49 UTC 2020


I've tried searching the manuals and wiki, but I can't seem to find any specifics about NEG_CONN_CACHE entries other than the 'idmap negative cache time' option in smb.conf, which refers to SID/UID/GID queries and not unavailable DCs.
Specifically, the issue I've run into recently is that with 'winbind max domain connections' set to 10 I saw Winbind had a single active connection to the DC on port 49159 (RPC pipe from LSA/SAM/NetLogon, from what I understand), but it was trying to establish a second connection to serve an incoming auth request and it was failing to do so during DC location, because at some point it tried to do a NetLogon ping to both DCs (the domain has only two) and for both the ping timed out, and then it put both DCs into the negative cache and during the DC location process was left with no candidate DCs after negative cache entry elimination from the list. So my questions are:

1. What's the default NEG_CONN_CACHE TTL?
2. Is there a way to control NEG_CONN_CACHE, either TTL or contents? Is there a way to force Winbind to try connecting to the DCs it didn't have success with before? 'net cache flush' didn't seem to have much effect.
3. Are the rules for how a DC gets put into NEG_CONN_CACHE documented anywhere besides the code itself, or is wading through the code my only option for getting to know the criteria?