Re: [Samba] Debugging TLS Retry Handshake errors




On Wed, 2018-09-26 at 18:01 -0700, Kris Lou wrote:
> Hi Andrew,
> 
> Thanks for the response.  I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1.  And the actual CPU/ memory load is minimal - ~4%/6GB free.
> 
> From the client side, I'm pretty sure my tests are PHP calling ldap_connect().
> 
> It's not the end of the world, and so far, it's the only appliance or application that's affected.  Other tests with other web appliances don't exhibit the same issue, so I'm going to start pointing fingers there.  This one just happened to crop up this week (and this week only).
> 
> Worst case scenario (if this doesn't work itself out ...), I change authentication from LDAPS to Radius.

FreeRADIUS -> ntlm_auth/libwbclient -> winbindd -> AD would be much
more efficient, despite the long chain, because all the connections can
be cached.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba




