Instrumentation for monitoring ntlm_auths against domain controllers

Paul Seward Paul.Seward at bristol.ac.uk
Thu Oct 20 12:21:47 CEST 2016


Thanks for the pointers, you've confirmed my suspicion that there's not an
easy answer!

I'll keep exploring, and if we end up writing any tools that would help
we'll obviously make them more widely available.

-Paul

On 19 October 2016 at 13:22, Matthew Newton <mcn4 at leicester.ac.uk> wrote:

> On Wed, Oct 19, 2016 at 01:00:34PM +0100, Matthew Newton wrote:
> > On Wed, Oct 19, 2016 at 12:49:44PM +0100, Paul Seward wrote:
> > > What I'd like to do, is put some instrumentation in place that would
> allow
> > > our monitoring server to fire ntlm_auth's at a specified domain
> controller
> > > (rather than whichever one winbind happens to have connected to) so
> that we
> > > can monitor latency to all of them, and use the resulting graphs to
> > > pinpoint any that are under performing.
> > >
> > > I can't see an obvious way to make that happen, so if anyone has any
> > > pointers we'd really appreciate it!
> >
> > You might be able to find which DC is being used, and an
> > indicative latency, by writing a small program to call wbcPingDc2
> > and note the time taken to respond and which DC was used. Log this
>
> Except here I get
>
> # ./dclatency
> error: unable to ping dc
> WBC_ERR_NOT_IMPLEMENTED
> #
>
> :(
>
> Look through wbclient.h. There may be another way.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>



-- 
----------------------------------------------------------------------
Paul Seward,    Senior Systems Administrator,    University of Bristol
Paul.Seward at bristol.ac.uk  +44 (0)117 39 41148    GPG Key ID: E24DA8A2
GPG Fingerprint:    7210 4E4A B5FC 7D9C 39F8  5C3C 6759 3937 E24D A8A2


More information about the Freeradius-Users mailing list