Andrew Bartlett abartlet at samba.org
Mon Sep 18 22:07:19 UTC 2023

On Fri, 2023-09-15 at 10:45 +0200, Daniel Berteaud via samba wrote:
> Each time one of my client machine auth against the controller,
> there's first an NT_STATUS_PROTOCOL_UNREACHABLE, followed immediatly
> by a NT_STATUS_OK. 
> Clients are various Linux servers (mainly Alma Linux 8 and Debian)
> joined to the domain with SSSD. 
> Everything seems to be working, but I'm worried about those errors.
> Would anyone know what does this mean ? 

Totally harmless and expected, just a waste of CPU. 

The client will first contact the KDC over UDP, but ask for a PAC.
 This just isn't going to work, we need TCP transport to make a reply
with a PAC (it is large), so we go though the whole authentication
dance only to say 'sorry, that won't fit in that packet'.

Then the client gets that error code, retries with TCP and it all

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list