Hi, we operate a cluster with LDAP for authentication. When a user logs in, the session blocks around 15 seconds before the client sends the first TLS packet to the LDAP server after the TCP connection has been established. From then, everything is hunky dory. 5.095116 192.168.0.104 -> 192.168.0.10 DNS Standard query AAAA ldap.cluster.ailab.ch 5.095638 192.168.0.10 -> 192.168.0.104 DNS Standard query response CNAME master.cluster.ailab.ch 5.095881 192.168.0.104 -> 192.168.0.10 DNS Standard query A ldap.cluster.ailab.ch 5.096199 192.168.0.10 -> 192.168.0.104 DNS Standard query response CNAME master.cluster.ailab.ch A 192.168.0.10 5.096385 192.168.0.104 -> 192.168.0.10 TCP 32820 > 636 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1689666 TSER=0 WS=0 5.096432 192.168.0.10 -> 192.168.0.104 TCP 636 > 32820 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=1105337328 TSER=1689666 WS=2 5.096536 192.168.0.104 -> 192.168.0.10 TCP 32820 > 636 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1689666 TSER=1105337328 <15 seconds> 20.273360 192.168.0.104 -> 192.168.0.10 TLS Application Data I've had to deal with performance issues in slapd, but I've never had to deal with shy clients. What could be the cause here? There are no relevant entries in the logs on either client or server. Thanks, -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer and author: http://debiansystem.info `. `'` `- Debian - when you have better things to do than fixing a system "wer schmetterlinge lachen hört, der weiss wie wolken schmecken." -- freiherr friedrich von hardenberg
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)