[Samba] Debugging TLS Retry Handshake errors
- Date: Wed, 26 Sep 2018 11:33:49 -0700
- From: Kris Lou via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Debugging TLS Retry Handshake errors
So, I'm using Samba AD for user authentication by some web appliances,
using LDAPS over port 636. I've been doing this for quite a while -- and
my certificates and everything seem to check out.
But this week (and with one appliance -- my firewall), I'm finding that
maybe 3/20 times the bind will fail for perhaps 10 seconds. During this
time, the logs read (for each failure):
[2018/09/26 11:05:52.824630, 1]
TLS ../source4/lib/tls/tls_tstream.c:1439 - A TLS fatal alert has been
I've repointed authentication to a single server (instead of using DNS
round robin that apparently didn't work -- different issue), and manually
spammed auth tests, which is how I was able to grab the above errors. And
by manually, that's by clicking the "test authentication button", so no
more than 3 times per 2 seconds (depends upon result speed).
Does anybody have any suggestions for debugging this further?
I don't have any "tls *" settings in my smb.conf, except the standard