Re: [Samba] Debugging TLS Retry Handshake errors
- Date: Thu, 27 Sep 2018 13:13:08 +1200
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Debugging TLS Retry Handshake errors
On Wed, 2018-09-26 at 18:01 -0700, Kris Lou wrote:
> Hi Andrew,
> Thanks for the response. I'm running 4.7.6, there are 3 DC's, but in my tests, I'm directly pointed at only 1. And the actual CPU/ memory load is minimal - ~4%/6GB free.
> From the client side, I'm pretty sure my tests are PHP calling ldap_connect().
> It's not the end of the world, and so far, it's the only appliance or application that's affected. Other tests with other web appliances don't exhibit the same issue, so I'm going to start pointing fingers there. This one just happened to crop up this week (and this week only).
> Worst case scenario (if this doesn't work itself out ...), I change authentication from LDAPS to Radius.
FreeRADIUS -> ntlm_auth/libwbclient -> winbindd -> AD would be much
more efficient, despite the long chain, because all the connections can
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
To unsubscribe from this list go to the following URL and read the