[Linux-aus] SRV _kerberos._http.COMPANY.LOCAL.

Lilac Kapul ileyd at icloud.com
Thu Jun 9 15:23:11 AEST 2022

Hi Russell,

How many groups are the users you login with  a member of?

Is the primary DNS search domain correct on the client machines? How many AD DCs do you have and are they on the same subnet?

Warm Regards,
Lilac Kapul (she/they)
M 0432 114 172 E ileyd at icloud.com

> On 9 Jun 2022, at 14:14, Russell Coker via linux-aus <linux-aus at lists.linux.org.au> wrote:
> I have a setup of sssd (the Linux Active Directory client) talking to a 
> locally hosted AD instance which also has an Azure AD domain (which isn't 
> supported by sssd) mirroring some of the data.  I'm getting repeated DNS 
> lookups for the above SRV entry, any idea of what this is about and what the 
> right value should be?
> The real problem is poor performance with slow logins (like it's timing out 
> trying to connect to the wrong server) and it appears that doing hundreds of 
> DNS requests for things that don't exist is likely to be part of that problem.
> What does Kerberos expect with the _http service?  Does it expect the server 
> running on port 88?
> I'd appreciate any responses that give a clue here.  Could be from the AD side 
> how I can probe the AD setup or just guess what it's doing (assuming that most 
> of it will be default options).  Could be from the Linux/SSSD side of what the 
> client is expecting and how to make it happy.
> Also I'm going to try to get the Ubuntu adsys package to work, currently 
> installing it breaks AD on that workstation.  But that's a later thing.
> -- 
> My Main Blog         http://etbe.coker.com.au/
> My Documents Blog    http://doc.coker.com.au/
> _______________________________________________
> linux-aus mailing list
> linux-aus at lists.linux.org.au
> http://lists.linux.org.au/mailman/listinfo/linux-aus
> To unsubscribe from this list, send a blank email to
> linux-aus-unsubscribe at lists.linux.org.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.org.au/pipermail/linux-aus/attachments/20220609/50cbac6d/attachment.html>

More information about the linux-aus mailing list