From cbc40d2503061bacdb72b2a04c1867de9093be13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= Date: Wed, 18 Oct 2023 11:32:57 +0200 Subject: [PATCH 1/4] s3:winbindd: Improve logging for failover scenarios in winbindd_pam.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 6063f3ee733348855d6b144091bbdbbe6862494c) --- source3/winbindd/winbindd_pam.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 66d5b4a5a7b..2eeba24222a 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1661,6 +1661,10 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, retry = false; + D_DEBUG("Creating a DCERPC netlogon connection for SAM logon. " + "netlogon attempt: %d, samlogon attempt: %d.\n", + netr_attempts, + attempts); result = cm_connect_netlogon_secure(domain, &netlogon_pipe, &netlogon_creds_ctx); -- 2.41.0 From 1a665a577e4e57eb3f1f65000e79f99bd65cefee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= Date: Wed, 18 Oct 2023 11:32:57 +0200 Subject: [PATCH 2/4] s3:libsmb: Improve logging for failover scenarios MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 5f7a834effea56d683f76a801924c7125385e534) --- source3/libsmb/clientgen.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index e52e6c2256d..bec1184d53f 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -36,6 +36,11 @@ unsigned int cli_set_timeout(struct cli_state *cli, unsigned int timeout) { unsigned int old_timeout = cli->timeout; + DBG_DEBUG("Changing connection timeout for server '%s' from %d (ms) to " + "%d (ms).\n", + smbXcli_conn_remote_name(cli->conn), + cli->timeout, + timeout); cli->timeout = timeout; return old_timeout; } -- 2.41.0 From f3c9eab76044319a5cdb7af9ea10f2810a7bf6c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= Date: Wed, 18 Oct 2023 11:32:57 +0200 Subject: [PATCH 3/4] s3:libads: Improve logging for failover scenarios MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Wed Oct 18 15:47:09 UTC 2023 on atb-devel-224 (cherry picked from commit 14600a3128c6b66de4f9291eeec52e34725030c5) --- source3/libads/ldap.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 2853e15dfd3..cc00753ff74 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -478,6 +478,12 @@ again: num_requests += 1; } + DBG_DEBUG("Try to create %zu netlogon connections for domain '%s' " + "(provided count of addresses was %zu).\n", + num_requests, + domain, + count); + if (num_requests == 0) { status = NT_STATUS_NO_LOGON_SERVERS; DBG_WARNING("domain[%s] num_requests[%zu] for count[%zu] - %s\n", @@ -855,6 +861,8 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) bool ok = false; struct sockaddr_storage ss; + DBG_DEBUG("Resolving name of LDAP server '%s'.\n", + ads->server.ldap_server); ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true); if (!ok) { DEBUG(5,("ads_connect: unable to resolve name %s\n", @@ -900,6 +908,8 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads) * Keep trying to find a server and fall through * into ads_find_dc() again. */ + DBG_DEBUG("Failed to connect to DC via LDAP server IP address, " + "trying to find another DC.\n"); } ntstatus = ads_find_dc(ads); -- 2.41.0 From 9a9a20319e8efb57c2d6ddfd19078b2e71058cb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= Date: Wed, 18 Oct 2023 11:32:57 +0200 Subject: [PATCH 4/4] s3:winbindd: Improve logging for failover scenarios in winbindd_cm.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=15499 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 21bb84ed1c30b863b4ef17fcebdd79f147142b9f) --- source3/winbindd/winbindd_cm.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 9f56596669b..2ebfb0f6dd8 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1101,6 +1101,9 @@ static bool dcip_check_name_ads(const struct winbindd_domain *domain, char addr[INET6_ADDRSTRLEN]; print_sockaddr(addr, sizeof(addr), &sa->u.ss); + D_DEBUG("Trying to figure out the DC name for domain '%s' at IP '%s'.\n", + domain->name, + addr); ads = ads_init(tmp_ctx, domain->alt_name, @@ -1159,6 +1162,10 @@ static bool dcip_check_name_ads(const struct winbindd_domain *domain, saf_store(domain->alt_name, name); } + D_DEBUG("DC name for domain '%s' at IP '%s' is '%s'\n", + domain->name, + addr, + name); *namep = talloc_move(mem_ctx, &name); out: @@ -1516,6 +1523,9 @@ static bool find_dc(TALLOC_CTX *mem_ctx, *fd = -1; + D_NOTICE("First try to connect to the closest DC (using server " + "affinity cache). If this fails, try to lookup the DC using " + "DNS afterwards.\n"); ok = connect_preferred_dc(mem_ctx, domain, request_flags, fd); if (ok) { return true; @@ -1526,9 +1536,11 @@ static bool find_dc(TALLOC_CTX *mem_ctx, } again: + D_DEBUG("Retrieving a list of IP addresses for DCs.\n"); if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs, request_flags) || (num_dcs == 0)) return False; + D_DEBUG("Retrieved IP addresses for %d DCs.\n", num_dcs); for (i=0; idcaddr = addrs[fd_index]; @@ -1604,6 +1620,11 @@ static bool find_dc(TALLOC_CTX *mem_ctx, *fd = -1; } + /* + * This should not be an infinite loop, since get_dcs() will not return + * the DC added to the negative connection cache in the above + * winbind_add_failed_connection_entry() call. + */ goto again; } @@ -1733,11 +1754,17 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } + D_NOTICE("Creating connection to domain controller. This is a start of " + "a new connection or a DC failover. The failover only happens " + "if the domain has more than one DC. We will try to connect 3 " + "times at most.\n"); for (retries = 0; retries < 3; retries++) { bool found_dc; - DEBUG(10, ("cm_open_connection: dcname is '%s' for domain %s\n", - domain->dcname ? domain->dcname : "", domain->name)); + D_DEBUG("Attempt %d/3: DC '%s' of domain '%s'.\n", + retries, + domain->dcname ? domain->dcname : "", + domain->name); found_dc = find_dc(mem_ctx, domain, request_flags, &fd); if (!found_dc) { -- 2.41.0