On Thu, Sep 03, 2009 at 05:10:38PM +0200, Andreas Dan Larsson wrote: > This message is not fatal in any way, all it means is that > the client did not pre-authenticate it self to the > domaincontroller. The domaincontroller responds to the > client that it needs pre-auth to proceed, the client then > supply the pre-auth info. So the "error" in it self is > quite harmless, my concern is that its appearing a bit to > often. Some clients log this message to the > domaincontroller up to 10-20 times a minute, could this > indicate that something is broken?
Ok, 10-20 times a minute is definitely too much, you would need to look at traces why it happens so often. Apart from that, this behaviour is something winbind has no direct control over, this is done by the Kerberos libraries we use. You might want to look at the docs for krb5.conf if there's any setting you can use to stop the non-preauth requests. I'm afraid I don't have those docs handy right now, and I'm behind a slow mobile connection. Volker
signature.asc
Description: Digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba