Menu
▾
▴
Re: [Devil-Linux-discuss] DL 1.2.10 (& 9): Slow Samba - LDAP problem?
|
From: Dom <dl...@ed...> - 2006-06-13 04:28:22
|
Dom wrote: > Dom wrote: >> >> >> Dom wrote: >>> [this stems from thread: 'DL 1.2.9 upgrade from 1.2.6 (SMP Server) - >>> but slow?' The new subject title is hopefully more useful, as the >>> problem relates to Samba and, I think, LDAP] >>> >>> With Devil-Linux 1.2.6 our very simple (perhaps too simple) Samba >>> setup [see below] worked like a charm. >>> >>> Now using DL 1.2.10 (test) it is very slow for the first access by >>> any machine, and again after a while (if the Samba share has not >>> been accessed in a while) it is very slow again. A similar problem >>> (though it seemed worse) occurred with DL 1.2.9. >>> >>> Looking at the log files (which I never did before, they weren't >>> even saved previously), I find this stuff (for the log file for any >>> machine that has accessed the Samba share): >>> >>> [2006/06/11 07:28:09, 0] passdb/secrets.c:fetch_ldap_pw(629) >>> fetch_ldap_pw: neither ldap secret retrieved! >>> [2006/06/11 07:28:09, 0] lib/smbldap.c:smbldap_connect_system(851) >>> ldap_connect_system: Failed to retrieve password from secrets.tdb >>> [2006/06/11 07:28:09, 1] lib/smbldap.c:another_ldap_try(1051) >>> Connection to LDAP server failed for the 1 try! >>> >>> ...(and repeating every second)... >>> >>> [2006/06/11 07:28:23, 0] passdb/secrets.c:fetch_ldap_pw(629) >>> fetch_ldap_pw: neither ldap secret retrieved! >>> [2006/06/11 07:28:23, 0] lib/smbldap.c:smbldap_connect_system(851) >>> ldap_connect_system: Failed to retrieve password from secrets.tdb >>> [2006/06/11 07:28:23, 1] lib/smbldap.c:another_ldap_try(1051) >>> Connection to LDAP server failed for the 15 try! >>> [2006/06/11 07:28:24, 0] passdb/secrets.c:fetch_ldap_pw(629) >>> fetch_ldap_pw: neither ldap secret retrieved! >>> [2006/06/11 07:28:24, 0] lib/smbldap.c:smbldap_connect_system(851) >>> ldap_connect_system: Failed to retrieve password from secrets.tdb >>> [2006/06/11 07:28:24, 0] lib/smbldap.c:smbldap_search_suffix(1346) >>> smbldap_search_suffix: Problem during the LDAP search: (unknown) >>> (Time limit exceeded) >>> [2006/06/11 07:28:24, 1] smbd/service.c:make_connection_snum(693) >>> 192.168.101.90 (192.168.101.90) connect to service d initially as >>> user someone (uid=1000, gid=100) (pid 2773) >>> >>> So it seems to me that when a machine accesses a Samba share, Samba >>> tries repeatedly to use LDAP and fails, then after 16 tries (and 16 >>> seconds) it gives up and provides access anyway. >>> >>> Either I need to get the Samba - LDAP bit working (which I guess was >>> not a requirement with DL 1.2.6 / Samba 3.0.14a), or find a way to >>> force Samba to work the old way. I see that DL 1.2.7 'added samba >>> smbldap-tools (Heiko / Thomas Eder)' - I don't know whether this >>> could be related, and Samba is now 3.0.22. I have tried starting >>> slapd (/etc/init.d/slapd start) which I never used previously, it >>> hasn't helped. I guess I would have to configure it - I found info >>> about configuring Samba with LDAP here >>> http://times.usefulinc.com/2005/09/25-ldap and here >>> http://www.idealx.com/downloads/samba3-ldap-howto.pdf but they both >>> look a bit scary. I just want it to be like it was before, really! >>> >>> Here is my smb.conf file, all of it: >>> >>> -------------- >>> >>> *[global] >>> workgroup = MY_WORKGROUP >>> server string = Samba Server >>> security = SHARE >>> guest account = someone >>> log file = /home/z-shares/public/var/log.%m >>> max log size = 50 >>> dns proxy = No >>> wins support = Yes* >>> >>> * >>> >>> [ourdocs] >>> path = /home/z-shares/public >>> read only = No >>> guest only = Yes >>> guest ok = Yes >>> >>> *---------------- >>> ****Any help gratefully received! >>> >>> Dom >>> >> An old posting I found which makes me wonder if LDAP is integrated >> and is required in the new Samba build in DL: >> "Samba does not require LDAP libraries, but it sounds like the nmbd binary you are using has been >> compiled with LDAP support included. If you want to use Samba without LDAP you will need to obtain >> a binary compiled without LDAP support, or compile your own binary from the source code." >> from: http://lists.samba.org/archive/samba/2004-February/081597.html >> >> Dom > I think I have solved this by adding to [global] in smb.conf: > > passdb backend = smbpasswd > > I think what has happened is that with LDAP now installed in the DL > Samba build, if you don't specify the passdb backend method, it tries > LDAP then tdb (or possibly the other way round). Eventually it goes > back to smbpasswd (I guess) but takes a very long time (16 seconds) to > do so. > > With this parameter my Samba server is now running at speed again. > > Dom > My previous postings on this thread appear in the archive as blank, tho they were copied out by email okay. I am resubmitting this in text format so hopefully this will appear, then it could help others in the future... Dom |
