[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-technical
Subject:    Re: domain join stuck at krb5_get_init_creds_password
From:       Shilpa K via samba-technical <samba-technical () lists ! samba ! org>
Date:       2021-04-30 0:47:29
Message-ID: CAHbM3qiSLoK9uAw7q4J9dtN3UcqPBUsEdXybQW8g_iFktXCzng () mail ! gmail ! com
[Download RAW message or body]

Hi Jeremy,

Hemidal has refactored lot of code in send_to_kdc.c even for timeout with
connect. But, I found an earlier fix that addresses only the connect call
nonblocking and timeout. Below are the links for the fix that I used:

https://github.com/heimdal/heimdal/commit/842ca62336cd44b6ed1add2c93bf7a7649c58f08#diff-c65c9c2776f6f83857fdbc5546feeea98f2a1cb6cbd4ca087cfd9d16e67d367c
 https://github.com/heimdal/heimdal/commit/3a30f3b0d1e0a00e5f9372092a7a9497c2f73e98#diff-c65c9c2776f6f83857fdbc5546feeea98f2a1cb6cbd4ca087cfd9d16e67d367c


Thanks,
Shilpa



On Thu, Apr 29, 2021 at 11:09 PM Jeremy Allison <jra@samba.org> wrote:

> On Thu, Apr 29, 2021 at 06:07:12PM +0530, Shilpa K wrote:
> > Hi Jeremy,
> > 
> > Thanks for the response. I do not have the network traces. In this case,
> we
> > were using 'net ads join -k' and 'net ads testuser -k'. But what I got to
> > know was that there was a firewall for one of the KDCs and Samba tried to
> > connect to it and the function krb5_sendto() got blocked in connect(). It
> > appears like the timeout value for connect() was 60seconds. As there were
> > multiple attempts to connect(), it added to the delay. I tested a fix from
> > heimdal which uses non blocking connect with timeout and this seems to
> help.
> 
> Can you point me at the upstream heimdal fix so I can look into
> adding this to our version ?
> 
> Thanks,
> 
> Jeremy.
> 


[prev in list] [next in list] [prev in thread] [next in thread]