Hello, We have an issue in our environment with Linux servers/workstations joined to AD using winbind. (The domain controllers run Windows.) Winbind seems to keep an open TCP session to a domain controller on port 49667, which I understand is some kind of RPC. This TCP session seems to be long lived. The problem is, we have a stateful firewall (Palo Alto) between the stations and the domain controllers. If the connection is inactive for a long time, the firewall will forget about it and start dropping packets. This causes a login delay of ~10 seconds on the stations as they eventually reset the connection. I tried setting "socket options = SO_KEEPALIVE" in smb.conf on the stations, but that doesn't seem to affect it; I guess that setting is only used for a Samba server and not for connections from winbind to AD? Is there any way to fix this issue in configuration? Otherwise, is this worthy of opening a bug report for? Thanks, Arthur
On 11/28/25 6:05 PM, LESUISSE Arthur via samba wrote:> I tried setting "socket options = SO_KEEPALIVE" in smb.conf on the > stations, but that doesn't seem to affect it; I guess that setting > is only used for a Samba server and not for connections from winbind > to AD?you need something like: socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=10 TCP_KEEPCNT=3 TCP_KEEPINTVL=3 Iirc I recently had to give this same recommendation that had exactly the same problem and it worked. See you at FOSDEM! :) -slow -- Join us for the 25th sambaXP 2026 conference April 20th & 21th, 2026 at Hotel Freizeit In sponsored by TranquilIT & Microsoft & SerNet Ticketing & more Info at https://sambaxp.org SerNet Samba Team Lead https://sernet.de/ Samba Team PLC https://samba.org/ Support and Development https://samba.plus/services/ SAMBA+ packages https://samba.plus/products/samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20251128/d6907b6b/OpenPGP_signature.sig>