[Samba] net ads extremely slow when dns server configured in resolv.conf
Rodrigo Antunes
rodrigoaantunes at yahoo.com.br
Fri Oct 18 16:13:50 UTC 2024
Yes, it is Samba 4.2.10 and Debian Jessie.
Is this a know bug of that version?
Em sexta-feira, 18 de outubro de 2024 às 12:15:26 BRT, Rowland Penny via samba <samba at lists.samba.org> escreveu:
On Fri, 18 Oct 2024 15:00:38 +0000 (UTC)
Rodrigo Antunes via samba <samba at lists.samba.org> wrote:
> Hi,
>
>
> First of all, my problem is a lot similar to this:
> https://lists.samba.org/archive/samba/2017-February/206248.html
>
> I have a freeradius server (10.1.0.13) that authenticate wifi users
> against AD (10.1.0.3). 10.1.0.13 is domain joined and has 10.1.0.3 as
> it's DNS server.
>
> The problem:
> When 10.1.0.3 has no internet connection, users most of the time
> can't authenticate. When it has, everything works as it should.
>
> The "fix":
> If I use no DNS servers at all and put a fixed entry (10.1.0.3
> mydomain.com) in 10.1.0.13's /etc/hosts everything works as it
> should. Although this solves the main problem this creates other
> unrelated problems, so the freeradius server needs to work with the
> right DNS server configured.
>
>
>
> When the problem happens all the domain related commands (wbinfo, net
> ads, nltm_auth) are extremely slow and sometimes succeds and
> sometimes don't. I have run 'net ads info' in debug and found this:
>
> --
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5
>
> (hangs for a lot of time)
>
> gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were
> supplied, or the credentials were unavailable or inaccessible.:
> unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may
> retry after a kinit. Failed to start GENSEC client mech gse_krb5:
> NT_STATUS_INTERNAL_ERROR Failed to setup SPNEGO negTokenInit request:
> NT_STATUS_INTERNAL_ERROR ads_sasl_spnego_gensec_bind(KRB5) failed
> with: An internal error occurred., calling kinit
> kerberos_kinit_password: as MYFRSERVER$@MYDOMAIN.COM using
> [MEMORY:net_ads] as ccache and config
> [/var/run/samba/smb_krb5/krb5.conf.ADM]
>
> (then tries again)
>
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5
> --
>
> But I have noticed that the same messages appears when everything is
> working, except that there is no hangs.
>
> Any ideas?
>
>
> Samba Version 4.2.10-Debian
>
Please tell me that is typo before we go anywhere, tell me that you are
not still using Samba 4.2.10 and presumably Debian Jessie.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list