Is there any vastool command for finding out which domain controller (DC) the Authentication Services client is communicating with?
"vastool info servers" only lists the servers it knows about from Active Directory. A conclusive way is to capture the client-server traffic with "tcpdump" and examine the packets.
For example, filtering on port 3268, the Active Directory Global Catalog port:
Terminal session 1: # tcpdump -i eth0 | grep 3268
Terminal session 2: # vastool -u administrator group rg02 hasmember ru01
Password for administrator@QMXLAB.COM:
ru01 is not a member of rg02
Excerpt of the dump from window 1 (session 1):
13:26:00.344326 IP redhatmachine.qmxlab.com.33361 > cs-qmx.qmxlab.com.3268: P 576:874(298) ack 249 win 1460 <nop,nop,timestamp 1097414798 10286161>
13:26:00.346680 IP cs-qmx.qmxlab.com.3268 > redhatmachine.qmxlab.com.33361: P 249:373(124) ack 874 win 64240 <nop,nop,timestamp 10288238 1097414798>
13:26:00.348226 IP redhatmachine.qmxlab.com.33361 > cs-qmx.qmxlab.com.3268: . ack 373 win 1460 <nop,nop,timestamp 1097414802 10288238>
13:26:00.353591 IP redhatmachine.qmxlab.com.33361 > cs-qmx.qmxlab.com.3268: P 874:1152(278) ack 373 win 1460 <nop,nop,timestamp 1097414808 10288238>
13:26:00.353940 IP cs-qmx.qmxlab.com.3268 > redhatmachine.qmxlab.com.33361: P 373:497(124) ack 1152 win 63962 <nop,nop,timestamp 10288238 1097414808>
13:26:00.393606 IP redhatmachine.qmxlab.com.33361 > cs-qmx.qmxlab.com.3268: . ack 497 win 1460 <nop,nop,timestamp 1097414848 10288238>
cs-qmx.qmxlab.com is the DC my VAS client is talking to.
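As an added example (not part of the original article or of One Identity's tooling), the shell function below automates reading such a dump by tallying the servers seen on Active Directory service ports in tcpdump's text output. It goes beyond port 3268 to also cover 88 (Kerberos), 389 (LDAP), 636 (LDAPS) and 3269 (Global Catalog over SSL); the names dc_peers and sample_capture are hypothetical, and the sample lines are constructed from the excerpt above.

```shell
#!/bin/sh
# Added example: summarise which servers appear on AD service ports in
# tcpdump text output read from stdin. Function names are hypothetical.

# dc_peers: print "<packets> <server> <port>" per AD endpoint, busiest first.
dc_peers() {
    awk '
    BEGIN {
        # TCP ports: Kerberos, LDAP, LDAPS, Global Catalog, Global Catalog/SSL
        svc[88] = svc[389] = svc[636] = svc[3268] = svc[3269] = 1
    }
    # Split "host.port" at the last dot and count it if the port is an AD one.
    function tally(ep,   n, port, host) {
        n = match(ep, /\.[0-9]+$/)
        if (!n) return
        port = substr(ep, n + 1)
        host = substr(ep, 1, n - 1)
        if (port in svc) count[host " " port]++
    }
    # tcpdump line layout: <time> IP <src>.<sport> > <dst>.<dport>: ...
    $2 == "IP" && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)      # drop the colon that ends the destination
        tally($3)               # server may be the source (replies) ...
        tally(dst)              # ... or the destination (requests)
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample: three lines modelled on the excerpt above, plus one
# constructed LDAP line and one constructed SSH line that must be ignored.
sample_capture() {
    cat <<'EOF'
13:26:00.344326 IP redhatmachine.qmxlab.com.33361 > cs-qmx.qmxlab.com.3268: P 576:874(298) ack 249 win 1460
13:26:00.346680 IP cs-qmx.qmxlab.com.3268 > redhatmachine.qmxlab.com.33361: P 249:373(124) ack 874 win 64240
13:26:00.348226 IP redhatmachine.qmxlab.com.33361 > cs-qmx.qmxlab.com.3268: . ack 373 win 1460
13:26:01.000000 IP redhatmachine.qmxlab.com.40112 > dc2.example.com.389: . ack 1 win 1460
13:26:01.100000 IP adminpc.example.com.51514 > redhatmachine.qmxlab.com.22: . ack 1 win 1460
EOF
}

sample_capture | dc_peers
```

On a live system, feed it from a bounded capture such as `tcpdump -n -c 200 -i eth0 tcp | dc_peers` while the vastool command runs in the second session; with `-n` the servers are listed by IP address and ports stay numeric.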
© 2025 One Identity LLC. ALL RIGHTS RESERVED.