From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 98214 invoked by alias); 28 Feb 2017 16:35:16 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 97920 invoked by uid 89); 28 Feb 2017 16:35:15 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=2.1 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=no version=3.3.2 spammy=H*F:D*yandex.ru, H*M:yandex, schulman, Schulman X-HELO: forward3m.cmail.yandex.net Received: from forward3m.cmail.yandex.net (HELO forward3m.cmail.yandex.net) (5.255.216.21) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 28 Feb 2017 16:35:11 +0000 Received: from smtp2h.mail.yandex.net (smtp2h.mail.yandex.net [84.201.187.145]) by forward3m.cmail.yandex.net (Yandex) with ESMTP id 7E4F92192D; Tue, 28 Feb 2017 19:35:09 +0300 (MSK) Received: from smtp2h.mail.yandex.net (localhost.localdomain [127.0.0.1]) by smtp2h.mail.yandex.net (Yandex) with ESMTP id 5E82C780CE8; Tue, 28 Feb 2017 19:35:07 +0300 (MSK) Received: by smtp2h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id gEbcjVwtDs-Z7aegLfT; Tue, 28 Feb 2017 19:35:07 +0300 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (Client certificate not present) Authentication-Results: smtp2h.mail.yandex.net; dkim=pass header.i=@yandex.ru X-Yandex-Suid-Status: 1 0,1 0 Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Tue, 28 Feb 2017 16:30:04 -0000 Date: Tue, 28 Feb 2017 16:35:00 -0000 From: Andrey Repin Reply-To: cygwin@cygwin.com Message-ID: <1436100995.20170228193004@yandex.ru> To: Andrew Schulman , cygwin@cygwin.com Subject: Re: thousands of NTLM requests per day In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2017-02/txt/msg00352.txt.bz2 Greetings, Andrew Schulman! > I got a call from our domain admins, asking me if I knew why my Windows 7 > host would be sending many thousands of NTLMv1 authentication requests per > day. I don't know, and we're still trying to find out which application is > doing that, but here's what I wonder: > Could Cygwin be responsible for the authentication requests? I wonder about > this because Cygwin now queries Windows for user and group information that > used to be kept statically in /etc/passwd and /etc/group. Do you use cygserver ? If not, try to set it up, it should help with domain information caching. If the problem you observe is caused by Cygwin activity, you should see a decrease in such requests. > I don't know much about this. Sorry if it's an obtuse question. Any general > information would be appreciated. -- With best regards, Andrey Repin Tuesday, February 28, 2017 19:28:37 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple