[Samba] net ads extremely slow when dns server configured in resolv.conf

Rodrigo Antunes rodrigoaantunes at yahoo.com.br
Fri Oct 18 16:13:50 UTC 2024


Yes, it is Samba 4.2.10 and Debian Jessie.

Is this a known bug of that version?



On Friday, 18 October 2024 at 12:15:26 BRT, Rowland Penny via samba <samba at lists.samba.org> wrote:





On Fri, 18 Oct 2024 15:00:38 +0000 (UTC)
Rodrigo Antunes via samba <samba at lists.samba.org> wrote:

> Hi, 
> 
> 
> First of all, my problem is a lot similar to this:
> https://lists.samba.org/archive/samba/2017-February/206248.html
> 
> I have a freeradius server (10.1.0.13) that authenticates wifi users
> against AD (10.1.0.3). 10.1.0.13 is domain joined and has 10.1.0.3 as
> its DNS server.
> 
> The problem: 
> When 10.1.0.3 has no internet connection, users most of the time
> can't authenticate. When it has, everything works as it should.
> 
> The "fix":
> If I use no DNS servers at all and put a fixed entry (10.1.0.3
> mydomain.com) in 10.1.0.13's /etc/hosts everything works as it
> should. Although this solves the main problem this creates other
> unrelated problems, so the freeradius server needs to work with the
> right DNS server configured.
> 
> 
> 
> When the problem happens all the domain related commands (wbinfo, net
> ads, ntlm_auth) are extremely slow and sometimes succeed and
> sometimes don't. I have run 'net ads info' in debug and found this:
> 
> --
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5 
> 
> (hangs for a lot of time)
> 
> gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were
> supplied, or the credentials were unavailable or inaccessible.:
> unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may
> retry after a kinit. Failed to start GENSEC client mech gse_krb5:
> NT_STATUS_INTERNAL_ERROR Failed to setup SPNEGO negTokenInit request:
> NT_STATUS_INTERNAL_ERROR ads_sasl_spnego_gensec_bind(KRB5) failed
> with: An internal error occurred., calling kinit
> kerberos_kinit_password: as MYFRSERVER$@MYDOMAIN.COM using
> [MEMORY:net_ads] as ccache and config
> [/var/run/samba/smb_krb5/krb5.conf.ADM]
> 
> (then tries again)
> 
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5
> --
> 
> But I have noticed that the same messages appear when everything is
> working, except that there are no hangs.
> 
> Any ideas?
> 
> 
> Samba Version 4.2.10-Debian
> 

Please tell me that is a typo before we go anywhere, tell me that you are
not still using Samba 4.2.10 and presumably Debian Jessie.

Rowland



