Re: [Devil-Linux-discuss] DL 1.2.10 (& 9): Slow Samba - LDAP problem?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Dom wrote:
<blockquote cite="mid...@ed..."
 type="cite"> <br>
  <br>
Dom wrote:
  <blockquote cite="mid...@ed..."
 type="cite"> [this stems from thread: 'DL 1.2.9 upgrade from 1.2.6
(SMP Server) -
but slow?' The new subject title is hopefully more useful, as the
problem relates to Samba and, I think, LDAP]<br>
    <br>
With Devil-Linux 1.2.6 our very simple (perhaps too simple) Samba setup
[see below] worked like a charm.<br>
    <br>
Now using DL 1.2.10 (test) it is very slow for the first access by any
machine, and again after a while (if the Samba share has not been
accessed in a while) it is very slow again. A similar problem (though
it seemed worse) occurred with DL 1.2.9.<br>
    <br>
Looking at the log files (which I never did before, they weren't even
saved previously), I find this stuff (for the log file for any machine
that has accessed the Samba share):<br>
    <br>
[2006/06/11 07:28:09, 0] passdb/secrets.c:fetch_ldap_pw(629)<br>
&nbsp; fetch_ldap_pw: neither ldap secret retrieved!<br>
[2006/06/11 07:28:09, 0] lib/smbldap.c:smbldap_connect_system(851)<br>
&nbsp; ldap_connect_system: Failed to retrieve password from secrets.tdb<br>
[2006/06/11 07:28:09, 1] lib/smbldap.c:another_ldap_try(1051)<br>
&nbsp; Connection to LDAP server failed for the 1 try!<br>
    <br>
...(and repeating every second)...<br>
    <br>
[2006/06/11 07:28:23, 0] passdb/secrets.c:fetch_ldap_pw(629)<br>
&nbsp; fetch_ldap_pw: neither ldap secret retrieved!<br>
[2006/06/11 07:28:23, 0] lib/smbldap.c:smbldap_connect_system(851)<br>
&nbsp; ldap_connect_system: Failed to retrieve password from secrets.tdb<br>
[2006/06/11 07:28:23, 1] lib/smbldap.c:another_ldap_try(1051)<br>
&nbsp; Connection to LDAP server failed for the 15 try!<br>
[2006/06/11 07:28:24, 0] passdb/secrets.c:fetch_ldap_pw(629)<br>
&nbsp; fetch_ldap_pw: neither ldap secret retrieved!<br>
[2006/06/11 07:28:24, 0] lib/smbldap.c:smbldap_connect_system(851)<br>
&nbsp; ldap_connect_system: Failed to retrieve password from secrets.tdb<br>
[2006/06/11 07:28:24, 0] lib/smbldap.c:smbldap_search_suffix(1346)<br>
&nbsp; smbldap_search_suffix: Problem during the LDAP search: (unknown)
(Time limit exceeded)<br>
[2006/06/11 07:28:24, 1] smbd/service.c:make_connection_snum(693)<br>
&nbsp; 192.168.101.90 (192.168.101.90) connect to service d initially as
user someone (uid=1000, gid=100) (pid 2773)<br>
    <br>
So it seems to me that when a machine accesses a Samba share, Samba
tries repeatedly to use LDAP and fails, then after 16 tries (and 16
seconds) it gives up and provides access anyway.<br>
    <br>
Either I need to get the Samba - LDAP bit working (which I guess was
not a requirement with DL 1.2.6 / Samba 3.0.14a), or find a way to
force Samba to work the old way. I see that DL 1.2.7 'added samba
smbldap-tools (Heiko / Thomas Eder)' - I don't know whether this could
be related, and Samba is now 3.0.22. I have tried starting slapd
(/etc/init.d/slapd start) which I never used previously, it hasn't
helped. I guess I would have to configure it - I found info about
configuring Samba with LDAP here <a class="moz-txt-link-freetext"
 href="http://times.usefulinc.com/2005/09/25-ldap">http://times.usefulinc.com/2005/09/25-ldap</a>
and here <a class="moz-txt-link-freetext"
 href="http://www.idealx.com/downloads/samba3-ldap-howto.pdf">http://www.idealx.com/downloads/samba3-ldap-howto.pdf</a>
but they both
look a bit scary. I just want it to be like it was before, really!<br>
    <br>
Here is my smb.conf file, all of it:<br>
    <br>
--------------<br>
    <p><strong>[global]<br>
workgroup = MY_WORKGROUP<br>
server string = Samba Server<br>
security = SHARE<br>
guest account = someone<br>
log file = /home/z-shares/public/var/log.%m<br>
max log size = 50<br>
dns proxy = No<br>
wins support = Yes</strong> </p>
    <strong>
    <p>[ourdocs]<br>
path = /home/z-shares/public<br>
read only = No<br>
guest only = Yes<br>
guest ok = Yes<br>
    </p>
    </strong>----------------<br>
    <strong></strong><strong></strong>Any help gratefully received!<br>
    <br>
Dom<br>
    <pre wrap="">  </pre>
  </blockquote>
An old posting I found which makes me wonder if LDAP is integrated and
is required in the new Samba build in DL:<br>
  <pre>"Samba does not require LDAP libraries, but it sounds like the nmbd binary you are using has been
compiled with LDAP support included. If you want to use Samba without LDAP you will need to obtain
a binary compiled without LDAP support, or compile your own binary from the source code."</pre>
from: <a class="moz-txt-link-freetext"
 href="http://lists.samba.org/archive/samba/2004-February/081597.html">http://lists.samba.org/archive/samba/2004-February/081597.html</a><br>
  <br>
Dom</blockquote>
I think I have solved this by adding to [global] in smb.conf:<br>
<br>
passdb backend = smbpasswd<br>
<br>
I think what has happened is that with LDAP now installed in the DL
Samba build, if you don't specify the passdb backend method, it tries
LDAP then tdb (or possibly the other way round). Eventually it goes
back to smbpasswd (I guess) but takes a very long time (16 seconds) to
do so.<br>
<br>
With this parameter my Samba server is now running at speed again.<br>
<br>
Dom<br>
</body>
</html>