Hi.
On 04.09.2013 11:01, Markus Moeller wrote:
>
>> Are you still interested in tcpdump captures you mentioned in previous
>> letter ?
>>
>
> Yes I would still like to see it.
>
(looks like for some reason the mailing list tracker ate this message - my
relay says it's sent, but it doesn't appear in the mailing list,
probably because of the URLs it was marked as spam, so here's the copy
I'm sending to you directly.)
Here's the pcap capture:
http://unix.zhegan.in/files/ext_kerberos_ldap_group_acl.pcap
Console log for the exchange:
http://unix.zhegan.in/files/ext_kerberos_ldap_group_acl.txt
The capture contains network exchange from the following sequence of
actions:
- tcpdump was started as 'tcpdump -s 0 -w ext_kerberos_ldap_group_acl.pcap -ni vlan1 port 53 or port 389 or port 88'
- helper was started in shell, arguments:
    /usr/local/libexec/squid/ext_kerberos_ldap_group_acl \
        -i \
        -a \
        -m 16 \
        -d \
        -D NORMA.COM \
        -b cn=Users,dc=norma,dc=com \
        -u proxy5-backup \
        -p XXXXXXXXXXXX \
        -N SOFTLAB@NORMA.COM \
        -S hq-gc.norma.com@NORMA.COM
- line 'emz Internet%20Users%20-%20Proxy1' was typed 5 times (5 'OK'
answers were received).
- helper was stopped
- tcpdump was stopped
From my point of view the initial pause and the subsequent ones are the
same.
Addresses:
192.168.13.3 - the address of the machine where the helper was run
192.168.3.45 - one of the AD controllers
The machine was idle for the time of the experiment (this is a backup
gateway with VRRP, in inactive state).
This machine has a named running, and its resolver uses it via the lo0
interface, so no DNS exchange can be seen, as all of the answers were
cached by named.
If seeing DNS exchange is vital for understanding the pause, I can
probably recapture the exchange using external DNS.
Eugene.
Received on Wed Sep 04 2013 - 10:02:11 MDT