help for "join to AD failed by Kerberos auth and fall back to NTLM"

Hou, Kevin khou at websense.com
Tue Jun 19 01:00:27 MDT 2012


Dear all,

I tried to join a Linux server to an AD domain with the "kinit" and "net ads join" commands; unexpectedly, NTLM auth is used and lots of DNS SRV queries are generated. Normally these commands execute fine on other Linux servers and Kerberos authentication is used when joining. But this problematic Linux server used NTLM. The packet capture is attached. I wonder why Samba chooses to use NTLM rather than Kerberos? And there are continuous DNS SRV queries after joining AD, which caused network latency. Is the DNS query issue caused by Samba joining AD by NTLM?

Any comments are highly appreciated! Thanks very much in advance! :)

Regards,
Kevin



-------------- next part --------------
A non-text attachment was scrubbed...
Name: bad.pcap
Type: application/octet-stream
Size: 1065063 bytes
Desc: bad.pcap
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120619/55f89f52/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: good.pcap
Type: application/octet-stream
Size: 203974 bytes
Desc: good.pcap
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120619/55f89f52/attachment-0003.obj>

