[Samba] NEG_CONN_CACHE questions
Jeremy Allison
jra at samba.org
Wed May 27 23:21:31 UTC 2020
On Wed, May 27, 2020 at 12:54:49PM -0700, Alexey A Nikitin via samba wrote:
> I've tried searching manuals and wiki, but I can't seem to find any specifics about NEG_CONN_CACHE entries other than 'idmap negative cache time' option in smb.conf, which refers to SID/UID/GID queries and not unavailable DCs.
> Specifically the issue I've ran into recently is that with 'winbind max domain connections' set to 10 I saw Winbind had single active connection to the DC on port 49159 (RPC pipe from LSA/SAM/NetLogon, from what I understand), but it was trying to establish a second connection to serve incoming auth request and it was failing to do so during DC location, because at some point it tried to do NetLogon ping to both DCs (doman has only two) and for both the ping timed out, and then it put both DCs into negative cache and during DC location process was left with no candidate DCs after negative cache entry elimination from the list. So my questions are:
>
> 1. What's the default NEG_CONN_CACHE TTL?
60 seconds.
#define FAILED_CONNECTION_CACHE_TIMEOUT (LONG_CONNECT_TIMEOUT * 2 / 1000)
#define LONG_CONNECT_TIMEOUT 30000
> 2. Is there a way to control NEG_CONN_CACHE, either TTL or contents? Is there a way to force Winbind to try connecting to the DCs it didn't have success with before? 'net cache flush' didn't seem to have much effect.
> 3. Are the rules for how a DC gets put into NEG_CONN_CACHE documented anywhere besides the code itself, or wading through the code is my only option of getting to know the criteria?
Only in the code I think, added in:
add_failed_connection_entry()
Can be cleared by:
flush_negative_conn_cache_for_domain(), which is triggered
by winbindd getting a request to go online.
More information about the samba
mailing list