From: Dom <dl...@ed...> - 2006-06-11 13:27:49
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> Dom wrote: <blockquote cite="mid...@ed..." type="cite"> <br> <br> Dom wrote: <blockquote cite="mid...@ed..." type="cite"> [this stems from thread: 'DL 1.2.9 upgrade from 1.2.6 (SMP Server) - but slow?' The new subject title is hopefully more useful, as the problem relates to Samba and, I think, LDAP]<br> <br> With Devil-Linux 1.2.6 our very simple (perhaps too simple) Samba setup [see below] worked like a charm.<br> <br> Now using DL 1.2.10 (test) it is very slow for the first access by any machine, and again after a while (if the Samba share has not been accessed in a while) it is very slow again. A similar problem (though it seemed worse) occurred with DL 1.2.9.<br> <br> Looking at the log files (which I never did before, they weren't even saved previously), I find this stuff (for the log file for any machine that has accessed the Samba share):<br> <br> [2006/06/11 07:28:09, 0] passdb/secrets.c:fetch_ldap_pw(629)<br> fetch_ldap_pw: neither ldap secret retrieved!<br> [2006/06/11 07:28:09, 0] lib/smbldap.c:smbldap_connect_system(851)<br> ldap_connect_system: Failed to retrieve password from secrets.tdb<br> [2006/06/11 07:28:09, 1] lib/smbldap.c:another_ldap_try(1051)<br> Connection to LDAP server failed for the 1 try!<br> <br> ...(and repeating every second)...<br> <br> [2006/06/11 07:28:23, 0] passdb/secrets.c:fetch_ldap_pw(629)<br> fetch_ldap_pw: neither ldap secret retrieved!<br> [2006/06/11 07:28:23, 0] lib/smbldap.c:smbldap_connect_system(851)<br> ldap_connect_system: Failed to retrieve password from secrets.tdb<br> [2006/06/11 07:28:23, 1] lib/smbldap.c:another_ldap_try(1051)<br> Connection to LDAP server failed for the 15 try!<br> [2006/06/11 07:28:24, 0] passdb/secrets.c:fetch_ldap_pw(629)<br> fetch_ldap_pw: neither ldap secret retrieved!<br> [2006/06/11 07:28:24, 0] lib/smbldap.c:smbldap_connect_system(851)<br> ldap_connect_system: Failed to retrieve password from secrets.tdb<br> [2006/06/11 07:28:24, 0] lib/smbldap.c:smbldap_search_suffix(1346)<br> smbldap_search_suffix: Problem during the LDAP search: (unknown) (Time limit exceeded)<br> [2006/06/11 07:28:24, 1] smbd/service.c:make_connection_snum(693)<br> 192.168.101.90 (192.168.101.90) connect to service d initially as user someone (uid=1000, gid=100) (pid 2773)<br> <br> So it seems to me that when a machine accesses a Samba share, Samba tries repeatedly to use LDAP and fails, then after 16 tries (and 16 seconds) it gives up and provides access anyway.<br> <br> Either I need to get the Samba - LDAP bit working (which I guess was not a requirement with DL 1.2.6 / Samba 3.0.14a), or find a way to force Samba to work the old way. I see that DL 1.2.7 'added samba smbldap-tools (Heiko / Thomas Eder)' - I don't know whether this could be related, and Samba is now 3.0.22. I have tried starting slapd (/etc/init.d/slapd start) which I never used previously, it hasn't helped. I guess I would have to configure it - I found info about configuring Samba with LDAP here <a class="moz-txt-link-freetext" href="http://times.usefulinc.com/2005/09/25-ldap">http://times.usefulinc.com/2005/09/25-ldap</a> and here <a class="moz-txt-link-freetext" href="http://www.idealx.com/downloads/samba3-ldap-howto.pdf">http://www.idealx.com/downloads/samba3-ldap-howto.pdf</a> but they both look a bit scary. I just want it to be like it was before, really!<br> <br> Here is my smb.conf file, all of it:<br> <br> --------------<br> <p><strong>[global]<br> workgroup = MY_WORKGROUP<br> server string = Samba Server<br> security = SHARE<br> guest account = someone<br> log file = /home/z-shares/public/var/log.%m<br> max log size = 50<br> dns proxy = No<br> wins support = Yes</strong> </p> <strong> <p>[ourdocs]<br> path = /home/z-shares/public<br> read only = No<br> guest only = Yes<br> guest ok = Yes<br> </p> </strong>----------------<br> <strong></strong><strong></strong>Any help gratefully received!<br> <br> Dom<br> <pre wrap=""> </pre> </blockquote> An old posting I found which makes me wonder if LDAP is integrated and is required in the new Samba build in DL:<br> <pre>"Samba does not require LDAP libraries, but it sounds like the nmbd binary you are using has been compiled with LDAP support included. If you want to use Samba without LDAP you will need to obtain a binary compiled without LDAP support, or compile your own binary from the source code."</pre> from: <a class="moz-txt-link-freetext" href="http://lists.samba.org/archive/samba/2004-February/081597.html">http://lists.samba.org/archive/samba/2004-February/081597.html</a><br> <br> Dom</blockquote> I think I have solved this by adding to [global] in smb.conf:<br> <br> passdb backend = smbpasswd<br> <br> I think what has happened is that with LDAP now installed in the DL Samba build, if you don't specify the passdb backend method, it tries LDAP then tdb (or possibly the other way round). Eventually it goes back to smbpasswd (I guess) but takes a very long time (16 seconds) to do so.<br> <br> With this parameter my Samba server is now running at speed again.<br> <br> Dom<br> </body> </html> |