brianleng
1 Copper

Kerberos fallback to NTLM

We have encountered some issue yesterday with our clients workstation that is connecting to the Isilon via smartconnect  using Kerberos authentication after some random time, we found that the Isilon was no longer accessible. Restarting of the workstation seems to solve the problem on one workstation. All other workstation was having this issue as well, on manually entering the path to Isilon, username/password was prompt, which is usual as we are using domain authentication. It seems like the connection fallback from Kerberbos to NTLM.


Is there any setup on Isilon that might fallback to NLTM after sometime of idle?





  .

Tags (3)
0 Kudos
2 Replies

Re: Kerberos fallback to NTLM

Next time it happens i'd check the isilon node connection to the domain controll "isi auth ads list" and see if it's online.  If it is online,  and you're still getting prompted for a password,  i'd start by checking out the lwiod.log in /var/log,  and maybe debug logging for a short span during the problem.  MIght as well grab a wireshark as well.. 

The issues we seem, which sound similar to this,  was resolved by changing the zone cache size.  That was due to our large ad environemnt tho..

what version of OneFS?

brianleng
1 Copper

Re: Kerberos fallback to NTLM

Hi Mark,

Currently we are using V7.0.2.1.

I will have to wait for it to occur again and check on the domain control link. Thanks.

0 Kudos