[Samba] slow automounted cifs

Wed, 01 May 2013 12:14:47 -0700 

Samba 4.0.6 git both DC and fileserver with openSUSE 12.3 clients
Hi
I'm trying to debug why logins to Linux clients are sometimes slow. Here is a login with the user steve2 requesting his (automounted) home folder: 
]
Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime: 2013-05-01T20:57:27 endtime: 2013-05-02T06:57:27 renew till: 2013-05-02T20:57:25 Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.21:58661 for krbtgt/hh3.s...@hh3.site 
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site
Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- ste...@hh3.site
Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.21:60993 for krbtgt/hh3.s...@hh3.site 
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site
Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site
Kerberos: ENC-TS Pre-authentication succeeded -- ste...@hh3.site using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2013-05-01T20:58:08 starttime: unset endtime: 2013-05-02T06:58:08 renew till: 2013-05-02T20:58:05 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using arcfour-hmac-md5/arcfour-hmac-md5 
Kerberos: Requested flags: renewable-ok
Kerberos: TGS-REQ CATRAL$@HH3.SITE from ipv4:192.168.1.21:45034 for cifs/h...@hh3.site [canonicalize, renewable] Kerberos: TGS-REQ authtime: 2013-05-01T20:57:27 starttime: 2013-05-01T20:58:09 endtime: 2013-05-02T06:57:27 renew till: 2013-05-02T20:57:25 Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.21:45264 for cifs/h...@hh3.site [canonicalize, renewable] Kerberos: TGS-REQ authtime: 2013-05-01T20:58:08 starttime: 2013-05-01T20:58:10 endtime: 2013-05-02T06:58:08 renew till: 2013-05-02T20:58:05 


In particular, I notice that there are 2 requests to the fileserver, one 
from CATRAL$ (the machine key is in the keytab already) and one from 
steve2 who just got a ticket. Does this look OK? Do both the machine and 
the user need to prove themselves?


Any pointers as to where I could start to look otherwise?


To be fair, this only tends to happen when lots of people are logging in 
(it's a school where 20 kids will all log in at the same time e.g. at 
the start of class).

Cheers,
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba














    











					Reply via email to