cldap

Dave Daugherty dave.daugherty at centrify.com
Thu May 11 22:43:48 GMT 2006


It was a WAN environment with allegedly NetScreen firewalls, not running
"Jumbo Frames - 2400 bytes", but it was difficult to get clear answers
from the customer.

We were using CLDAP RootDSE as a "ping" to make sure we connected to an
AD server, and once we started asking for just one attribute back, we
finally got responses.

In our test environments we typically see responses of 1500-2000 bytes
coming back, but my understanding is this may grow.

The tip-off for us was seeing some of our DNS queries failing over to
TCP before responses came back.

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
Sent: Thursday, May 11, 2006 10:08 AM
To: Dave Daugherty
Cc: Jim McDonough; tridge at samba.org; samba-technical at lists.samba.org;
idra at samba.org; samba-technical at samba.org
Subject: Re: cldap


Dave Daugherty wrote:

> Just slightly related to this...  We recently saw an issue 
> where if we ask for all attributes back from the
> rootDSE query, some firewalls discard large UDP packets.
> So be judicious for what you ask for.

Interesting.  Do you remember what value of N is considered
large?  Also, did you run into problems with firewalls
internal to an AD domain?  Or contacting DC across a WAN?

cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
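
The comparison described in the reply above (a rootDSE query asking for every attribute versus just one), as an added example that is not part of the original thread and is not Samba or Centrify code. The attribute dnsHostName and the helper names are assumptions chosen for illustration; the thread does not say which attribute was requested.

```python
import socket
import sys

def ber(tag, content):
    """Encode one BER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def ber_int(value, tag=0x02):
    """Encode a small non-negative INTEGER (or ENUMERATED with tag 0x0A)."""
    return ber(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rootdse_request(attrs, msg_id=1):
    """LDAPMessage holding a base-scope search of "" (the rootDSE).
    An empty attrs list asks for all user attributes (RFC 4511)."""
    search = b"".join([
        ber(0x04, b""),             # baseObject: empty DN = rootDSE
        ber_int(0, 0x0A),           # scope: baseObject
        ber_int(0, 0x0A),           # derefAliases: never
        ber_int(0),                 # sizeLimit: none
        ber_int(0),                 # timeLimit: none
        ber(0x01, b"\x00"),         # typesOnly: FALSE
        ber(0x87, b"objectClass"),  # filter: (objectClass=*)
        ber(0x30, b"".join(ber(0x04, a.encode()) for a in attrs)),
    ])
    return ber(0x30, ber_int(msg_id) + ber(0x63, search))

def cldap_probe(host, attrs, timeout=3.0):
    """Send the query over UDP/389; return reply size in bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(rootdse_request(attrs), (host, 389))
        try:
            return len(s.recv(65535))
        except socket.timeout:
            return None

if __name__ == "__main__" and len(sys.argv) > 1:
    # dnsHostName is a constructed choice; the thread names no attribute.
    for label, attrs in (("all", []), ("one", ["dnsHostName"])):
        print(label, cldap_probe(sys.argv[1], attrs))
```

Run against a domain controller you administer, a reply size for "one" alongside None for "all" matches the symptom reported in this thread.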

