[Samba] NEG_CONN_CACHE questions

Alexey A Nikitin nikitin at amazon.com
Thu May 28 20:11:26 UTC 2020

On Wednesday, 27 May 2020 16:21:31 PDT Jeremy Allison wrote:
> On Wed, May 27, 2020 at 12:54:49PM -0700, Alexey A Nikitin via samba wrote:
> > 3. Are the rules for how a DC gets put into NEG_CONN_CACHE documented anywhere besides the code itself, or wading through the code is my only option of getting to know the criteria?
> Only in the code I think, added in:
> add_failed_connection_entry()
> Can be cleared by:
> flush_negative_conn_cache_for_domain(), which is triggered
> by winbindd getting a request to go online.

But if winbind is configured with 'winbind offline logon = No' then, from what I understand, winbindd will never get that request, except for maybe on restart, no?

Related question - it seems that when I have 'winbind max domain connections' set to a value above '1' Winbind attempts to open a new connection for incoming authentication requests, judging from the fact that it keeps trying to do DC location (but fails, because both candidate DCs are stuck in NEG_CONN_CACHE for some reason, even if they're answering request from, e.g., adcli). There is already an RPC pipe (ESTAB connection to port 49159 on DC), but Winbind seems to insist on opening a new connection and doesn't reuse existing. Am I misinterpreting something? I thought Winbind is supposed to open a new connection only when existing one is busy with some request?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20200528/438c4f2f/signature.sig>

More information about the samba mailing list