[Samba] samba-tool hangs when using kerberos auth when a DC or site is offline
tonio at ubuntu.com
Wed Jan 12 16:07:31 UTC 2022
I'm trying to fix this for month now.
Have 2 sites, 2 DCs per site, with dhcp failover and dhcp to dns provisionning on each of them.
The 2 sites are linked with proper routes and a wireguard vpn and it works like a charm since 2015.
The thing is that when the 2 sites are unlinked because the vpn is down, any samba-tool request that uses the -k option start responding slow, sometimes hanging forever.
To make this clear, on Site 1, DC 1, I'm launching this command :
samba-tool dns query DC1 domain.lan PC01 A -k yes
Response time is about 0.1 s, sometimes 0.2, everytime, very efficiently.
When I stop the VPN, it sometimes responds in 0.1 sec, sometimes in 10 seconds, sometimes never. Same thing with any other samba-tool command, as long as I use the "-k yes" option (kerberos auth).
In my case this breaks the dhcp-dns script, now based on samba-tool, which breaks the dhcp, which breaks... Everything ;) When I meet an internet connection issue, my LAN breaks, simple.
Using samba-tool with debug level 9 doesn't help, since the issue is with kerberos (no hang with -U option), but nothing in the logs or the output indicates a problem, It just seems to "wait" and never timeouts.
Any help appreciated !
More information about the samba