Friday, December 03, 2021

Re: django-ldap-auth authentication lasts several minutes on OpenBSD

This is very strange because all involved machines are using one and the
same internal DNS server on the Samba ADDC as a resolver, which I made
resolve all the names and addresses needed during the authentication process:
1) Samba ADDC (aka the LDAP server) resolves its name and its IP.
2) Django OpenBSD machine resolves its name and its IP.
3) Client machine with the browser (this time I took Windows 10, which was
joined to the AD domain) resolves its name and its IP.
4) And all of them resolve hostnames and IPs of each other.

The only machine using another DNS server, from my router, is the Linux Mint
development machine, which holds the copy of my code and also runs the Django
development server on 127.0.0.1:8080, and from where everything works without
delays.
On that development machine I only added the Samba ADDC address to
/etc/hosts to make the authentication run with TLS using the ADDC hostname
and not complain about TLS errors.
From that machine I browse to the Django development webserver on the
same machine through http://127.0.0.1:8080 and authenticate to the application
with my AD login and password without a delay, so I am not sure there is
a problem with DNS.

On Fri 03 Dec 2021 10:45:03, Stuart Henderson wrote:
> On 2021-12-03, Maksim Rodin <a23s4a2008@yandex.ru> wrote:
> > The AD DC machine is an Ubuntu 20 machine with samba 4.
> > The test machine where I initially have all the code and from where I tested this application initially
> > is a Linux Mint machine.
> > I enabled some logging in Django to see what happens when I log
> > in to the application
> > When I run "python manage.py runserver 0.0.0.0:8080" on my Linux machine
> > and try to authenticate to the application in my browser on the same machine I am logged in
> > within a second.
> > When I run "python manage.py runserver 0.0.0.0:8080" on the OpenBSD test
> > server and try to authenticate to the application from my browser
> > (using OpenBSD machine's IP or hostname) it lasts several minutes.
> > There is no error in the application log. Just a big delay till I am
> > successfully authenticated.
>
> A delay of that sort of length strongly hints at a DNS or reverse DNS problem.
>
>

--
Maksim Rodin
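
Added example, not part of the thread or of either poster's code: a small Python check that times the forward and the reverse lookup for each hostname given, through the system resolver (so /etc/hosts entries are honoured), which is one way to confirm or rule out the DNS or reverse DNS hint quoted above when run on the OpenBSD machine. The function names and the 2-second threshold are assumptions; pass the ADDC, Django host and client names on the command line.

```python
import socket
import time

SLOW_SECONDS = 2.0  # assumed threshold; a healthy lookup takes milliseconds


def timed(fn, arg):
    """Run fn(arg); return (result or None, error text or None, elapsed seconds)."""
    start = time.monotonic()
    try:
        result, err = fn(arg), None
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        result, err = None, str(exc)
    return result, err, time.monotonic() - start


def check_host(name, forward=socket.gethostbyname, reverse=socket.gethostbyaddr,
               slow=SLOW_SECONDS):
    """Time the forward lookup for name and the reverse lookup for its address.

    Returns tuples (kind, query, answer, error, seconds, verdict). A lookup that
    is both slow and failing is reported as SLOW, since the delay is the symptom.
    """
    findings = []
    ip, err, took = timed(forward, name)
    findings.append(("forward", name, ip, err, took))
    if ip is not None:
        ptr, err, took = timed(reverse, ip)
        findings.append(("reverse", ip, ptr[0] if ptr else None, err, took))
    return [f + ("SLOW" if f[4] >= slow else "FAILED" if f[3] else "ok",)
            for f in findings]


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:] or ["localhost"]:
        for kind, query, answer, err, took, verdict in check_host(host):
            print(f"{verdict:6} {kind:7} {query} -> {answer or err} ({took:.3f}s)")
```

A reverse lookup that is SLOW or FAILED for the client's or the LDAP server's address, while the forward lookups are fine, points at missing PTR records or an unreachable resolver rather than at the application.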
