[Samba] net ads extremely slow when dns server configured in resolv.conf

lists at zxt10d.de lists at zxt10d.de
Sat Oct 19 05:22:16 UTC 2024


Hi,

create a VM and join ...
If that's not an option, maybe this posting does (at least up to 4.6.x):
https://lists.samba.org/archive/samba/2017-July/209856.html

Cheers,
Torsten

On 18.10.2024 at 19:03, Rodrigo Antunes via samba wrote:
> Yes I want to upgrade, but last time I tried I got so many errors and missing dependencies that I had to give up.
> 
> I don't have another DC to join, only this one.
> 
> On Friday, October 18, 2024 at 13:31:48 BRT, Luis Peromarta via samba <samba at lists.samba.org> wrote:
> 
> You *really really* want to upgrade to a supported samba version, 4.20. Your version was deemed obsolete 10 ago.
> 
> Try to join a new DC, you will probably need to do in 2-3 steps as you upgrade.
> 
> This guide may help.
> 
> http://samba.bigbird.es/doku.php?id=samba:aditional-dc
> 
> All the best.
> 
> On 18 Oct 2024 at 18:14 +0200, Rodrigo Antunes via samba <samba at lists.samba.org>, wrote:
>> Yes, it is Samba 4.2.10 and Debian Jessie.
>>
>> Is this a known bug of that version?
>>
>> On Friday, October 18, 2024 at 12:15:26 BRT, Rowland Penny via samba <samba at lists.samba.org> wrote:
>>
>> On Fri, 18 Oct 2024 15:00:38 +0000 (UTC)
>> Rodrigo Antunes via samba <samba at lists.samba.org> wrote:
>>
>>> Hi,
>>>
>>>
>>> First of all, my problem is very similar to this:
>>> https://lists.samba.org/archive/samba/2017-February/206248.html
>>>
>>> I have a freeradius server (10.1.0.13) that authenticates wifi users
>>> against AD (10.1.0.3). 10.1.0.13 is domain joined and has 10.1.0.3 as
>>> its DNS server.
>>>
>>> The problem:
>>> When 10.1.0.3 has no internet connection, users most of the time
>>> can't authenticate. When it has, everything works as it should.
>>>
>>> The "fix":
>>> If I use no DNS servers at all and put a fixed entry (10.1.0.3
>>> mydomain.com) in 10.1.0.13's /etc/hosts everything works as it
>>> should. Although this solves the main problem this creates other
>>> unrelated problems, so the freeradius server needs to work with the
>>> right DNS server configured.
>>>
>>>
>>>
>>> When the problem happens all the domain related commands (wbinfo, net
>>> ads, ntlm_auth) are extremely slow and sometimes succeed and
>>> sometimes don't. I have run 'net ads info' in debug and found this:
>>>
>>> --
>>> Starting GENSEC mechanism spnego
>>> Starting GENSEC submechanism gse_krb5
>>>
>>> (hangs for a lot of time)
>>>
>>> gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were
>>> supplied, or the credentials were unavailable or inaccessible.:
>>> unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may
>>> retry after a kinit. Failed to start GENSEC client mech gse_krb5:
>>> NT_STATUS_INTERNAL_ERROR Failed to setup SPNEGO negTokenInit request:
>>> NT_STATUS_INTERNAL_ERROR ads_sasl_spnego_gensec_bind(KRB5) failed
>>> with: An internal error occurred., calling kinit
>>> kerberos_kinit_password: as MYFRSERVER$@MYDOMAIN.COM using
>>> [MEMORY:net_ads] as ccache and config
>>> [/var/run/samba/smb_krb5/krb5.conf.ADM]
>>>
>>> (then tries again)
>>>
>>> Starting GENSEC mechanism spnego
>>> Starting GENSEC submechanism gse_krb5
>>> --
>>>
>>> But I have noticed that the same messages appear when everything is
>>> working, except that there are no hangs.
>>>
>>> Any ideas?
>>>
>>>
>>> Samba Version 4.2.10-Debian
>>>
>>
>> Please tell me that is a typo before we go anywhere, tell me that you are
>> not still using Samba 4.2.10 and presumably Debian Jessie.
>>
>> Rowland



