[Samba] slow automounted cifs

steve steve at steve-ss.com
Wed May 1 13:14:28 MDT 2013 

Samba 4.0.6 git both DC and fileserver with openSUSE 12.3 clients
Hi
I'm trying to debug why logins to Linux clients are sometimes slow. Here 
is a login with the user steve2 requesting his (automounted) home folder:
]
Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime: 
2013-05-01T20:57:27 endtime: 2013-05-02T06:57:27 renew till: 
2013-05-02T20:57:25
Kerberos: AS-REQ steve2 at HH3.SITE from ipv4:192.168.1.21:58661 for 
krbtgt/HH3.SITE at HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- steve2 at HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- steve2 at HH3.SITE
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- steve2 at HH3.SITE
Kerberos: AS-REQ steve2 at HH3.SITE from ipv4:192.168.1.21:60993 for 
krbtgt/HH3.SITE at HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- steve2 at HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- steve2 at HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- steve2 at HH3.SITE using 
arcfour-hmac-md5
Kerberos: AS-REQ authtime: 2013-05-01T20:58:08 starttime: unset endtime: 
2013-05-02T06:58:08 renew till: 2013-05-02T20:58:05
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, 
aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using 
arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok
Kerberos: TGS-REQ CATRAL$@HH3.SITE from ipv4:192.168.1.21:45034 for 
cifs/hh16 at HH3.SITE [canonicalize, renewable]
Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime: 
2013-05-01T20:58:09 endtime: 2013-05-02T06:57:27 renew till: 
2013-05-02T20:57:25
Kerberos: TGS-REQ steve2 at HH3.SITE from ipv4:192.168.1.21:45264 for 
cifs/hh16 at HH3.SITE [canonicalize, renewable]
Kerberos: TGS-REQ authtime: 2013-05-01T20:58:08 starttime: 
2013-05-01T20:58:10 endtime: 2013-05-02T06:58:08 renew till: 
2013-05-02T20:58:05

In particular, I notice that there are 2 requests to the fileserver, one 
from CATRAL$ (the machine key is in the keytab already) and one from 
steve2 who just got a ticket. Does this look OK? Do both the machine and 
the user need to prove themselves?

Any pointers as to where I could start to look otherwise?

To be fair, this only tends to happen when lots of people are logging in 
(it's a school where 20 kids will all log in at the same time e.g. at 
the start of class).
Cheers,
Steve

More information about the samba mailing list