Anthony Mercatante
2022-Jan-12 16:07 UTC
[Samba] samba-tool hangs when using kerberos auth when a DC or site is offline
Hello,

I've been trying to fix this for months now. I have 2 sites, 2 DCs per site, with dhcp failover and dhcp to dns provisioning on each of them. The 2 sites are linked with proper routes and a wireguard vpn and it has worked like a charm since 2015.

The thing is that when the 2 sites are unlinked because the vpn is down, any samba-tool request that uses the -k option starts responding slowly, sometimes hanging forever.

To make this clear, on Site 1, DC 1, I'm launching this command:

    samba-tool dns query DC1 domain.lan PC01 A -k yes

Response time is about 0.1 s, sometimes 0.2, every time, very efficiently. When I stop the VPN, it sometimes responds in 0.1 sec, sometimes in 10 seconds, sometimes never. Same thing with any other samba-tool command, as long as I use the "-k yes" option (kerberos auth).

In my case this breaks the dhcp-dns script, now based on samba-tool, which breaks the dhcp, which breaks... Everything ;) When I meet an internet connection issue, my LAN breaks, simple.

Using samba-tool with debug level 9 doesn't help, since the issue is with kerberos (no hang with -U option), but nothing in the logs or the output indicates a problem. It just seems to "wait" and never times out.

Any help appreciated!

Anthony