[prev in list] [next in list] [prev in thread] [next in thread]
List: samba-technical
Subject: Re: domain join stuck at krb5_get_init_creds_password
From: Shilpa K via samba-technical <samba-technical () lists ! samba ! org>
Date: 2021-04-30 0:47:29
Message-ID: CAHbM3qiSLoK9uAw7q4J9dtN3UcqPBUsEdXybQW8g_iFktXCzng () mail ! gmail ! com
[Download RAW message or body]
Hi Jeremy,
Hemidal has refactored lot of code in send_to_kdc.c even for timeout with
connect. But, I found an earlier fix that addresses only the connect call
nonblocking and timeout. Below are the links for the fix that I used:
https://github.com/heimdal/heimdal/commit/842ca62336cd44b6ed1add2c93bf7a7649c58f08#diff-c65c9c2776f6f83857fdbc5546feeea98f2a1cb6cbd4ca087cfd9d16e67d367c
https://github.com/heimdal/heimdal/commit/3a30f3b0d1e0a00e5f9372092a7a9497c2f73e98#diff-c65c9c2776f6f83857fdbc5546feeea98f2a1cb6cbd4ca087cfd9d16e67d367c
Thanks,
Shilpa
On Thu, Apr 29, 2021 at 11:09 PM Jeremy Allison <jra@samba.org> wrote:
> On Thu, Apr 29, 2021 at 06:07:12PM +0530, Shilpa K wrote:
> > Hi Jeremy,
> >
> > Thanks for the response. I do not have the network traces. In this case,
> we
> > were using 'net ads join -k' and 'net ads testuser -k'. But what I got to
> > know was that there was a firewall for one of the KDCs and Samba tried to
> > connect to it and the function krb5_sendto() got blocked in connect(). It
> > appears like the timeout value for connect() was 60seconds. As there were
> > multiple attempts to connect(), it added to the delay. I tested a fix from
> > heimdal which uses non blocking connect with timeout and this seems to
> help.
>
> Can you point me at the upstream heimdal fix so I can look into
> adding this to our version ?
>
> Thanks,
>
> Jeremy.
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic