Samba, Kerberos and Winbind "slow" (200 ms) authentication


we are running a UCS DC Master and a UCS DC Backup Server with Samba 4 (this is a little bit unusual, I know). Both are updated to 4.3. Everything is working quite well, except for one use case.

When running the following on the UCS DC Master running heimdal as KDC with itself set in krb5.conf we get approximately these values:

root@ucsmaster:~$ time kinit --password-file=a username
Password for username@DOMAIN:

real 0m0,026s
user 0m0,012s
sys 0m0,006s

When running the same on the UCS Domain Controller Backup now against the samba server the speed is significantly reduced:

root@ucsbackup:~$ time kinit --password-file=a username
Password for username@DOMAIN:

real 0m0,190s
user 0m0,008s
sys 0m0,012s

These 200 ms correspond to the time getting an authentication from Samba. Is this behaviour expected? Are 200 ms usual for a Samba authentication?

Thanks for hints,