[Samba] NT_STATUS_PROTOCOL_UNREACHABLE since 4.19.0
Andrew Bartlett
abartlet at samba.org
Mon Sep 18 22:07:19 UTC 2023
On Fri, 2023-09-15 at 10:45 +0200, Daniel Berteaud via samba wrote:
>
> Each time one of my client machine auth against the controller,
> there's first an NT_STATUS_PROTOCOL_UNREACHABLE, followed immediatly
> by a NT_STATUS_OK.
>
>
>
> Clients are various Linux servers (mainly Alma Linux 8 and Debian)
> joined to the domain with SSSD.
>
>
>
> Everything seems to be working, but I'm worried about those errors.
> Would anyone know what does this mean ?
Totally harmless and expected, just a waste of CPU.
The client will first contact the KDC over UDP, but ask for a PAC.
This just isn't going to work, we need TCP transport to make a reply
with a PAC (it is large), so we go though the whole authentication
dance only to say 'sorry, that won't fit in that packet'.
Then the client gets that error code, retries with TCP and it all
works.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list