| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:to:from:subject:date:message-id:references | |
| :mime-version:content-type:content-transfer-encoding; q=dns; s= | |
| default; b=NYHhN8ieTwx1a5/g1+ReAJ1O734rhdmw1h6ciCOLRGZtdVgKukdea | |
| EAqM6x6C/AejjCEKyBqjxC+2Wb03ovE5J/uvI6QAo9Wqp2+kwxAsEimktlskHfx5 | |
| f7wDp28vWy97Jdg8xfKcXrTlF6t5tJqjH9Wxc5kddCHT0YaPffO8M8= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:to:from:subject:date:message-id:references | |
| :mime-version:content-type:content-transfer-encoding; s=default; | |
| bh=KyI+8I/x4KmHEsYXWLN46jgHU0s=; b=rcCQOS0prniidgJ//9rL1/jVkbAs | |
| 6EXOwqbN6/2CrkZy2RcTY67g8c9sujAtAz72HwmNK15j5Q1ALt6c0CKGMhRVQQQf | |
| AbpEeSMpX/+F6M0V4eLlgN3FcPbwcdYU811POsEoe0JNZpM+q7BisvNGrP2mcCEV | |
| hNRvOk8XPJ2UeCk= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-0.9 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=H*Ad:D*gov, H*r:Unknown, our, initiated |
| X-HELO: | blaine.gmane.org |
| To: | cygwin AT cygwin DOT com |
| From: | Andrew Schulman <schulman DOT andrew AT epa DOT gov> |
| Subject: | Re: thousands of NTLM requests per day |
| Date: | Fri, 03 Mar 2017 09:50:11 -0500 |
| Lines: | 26 |
| Message-ID: | <hd0jbc1eh0mfu65gijkhjntau70oh4ajvf@4ax.com> |
| References: | <bi4bbc1qpuhhp2pquc9ui5kfp74jj9n42b AT 4ax DOT com> <1436100995 DOT 20170228193004 AT yandex DOT ru> |
| Mime-Version: | 1.0 |
| X-Archive: | encrypt |
| X-IsSubscribed: | yes |
> Greetings, Andrew Schulman! > > > I got a call from our domain admins, asking me if I knew why my Windows 7 > > host would be sending many thousands of NTLMv1 authentication requests per > > day. I don't know, and we're still trying to find out which application is > > doing that, but here's what I wonder: > > > Could Cygwin be responsible for the authentication requests? I wonder about > > this because Cygwin now queries Windows for user and group information that > > used to be kept statically in /etc/passwd and /etc/group. > > Do you use cygserver ? If not, try to set it up, it should help with domain > information caching. If the problem you observe is caused by Cygwin activity, > you should see a decrease in such requests. Thanks for the suggestion, Andrey. I'll keep it in mind for next time. For the archive, this problem was unrelated to Cygwin. Jeffrey Altman answered offline that "NTLM requests will be sent from the svchost.exe service when a remote desktop connection is initiated." So I looked into the Nomachine NX service that was running on my host, and found that it was responsible. I disabled the service and the requests stopped. So, not a Cygwin problem. Sorry for the noise, and thanks for the help. Andrew -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |