Laurent Chauvirey wrote: >>Hi, >> >Hello > >>I'm using Samba 2.2.4 with LDAP support (OpenLDAP 2.0.23), and with >>pam_ldap included in the rpm nss_ldap 1.86 from Redhat (I'm on Linux >>Redhat 7.2). >> >>All these things are working well (I use the same object SambaAcount >>under PosixAccount in order to authenticate all these things), but a >>problem appears when I'm trying to list all the accounts and groups from >>my Win2000 Workstation (select a file shared by Samba, security, add). >> >>Using NIS to authentificate, it takes me less than 1 sec to get all the >>users and groupes from Win2000. >>Using LDAP (PAM_LDAP), it takes about 1 mn in order to have it. >> > >I had a similar problem (slow lookup with Outlook plugged into my openldap) >until I set an index on the attributes used for the requests : > >-- slapd.conf : >... ># Indices to maintain >index objectClass eq >index uid pres,eq >index uidNumber,gidNumber,memberUid,rid eq >index mail,cn,sn,givenName eq,sub >... >
I have almost the same indexes > > >>Looking for LDAP logs, it appears that Samba is looking over and over >>again with the same request. Don't know which. >> > >Perhaps the timeout because of the time the request takes... It might depend >on your db size. > Samba is looping on the same search in the LDAP base (and uses lots of CPU). If I stop Samba, the LDAP search stops. And after a TimeOut, Windows displays the users. Even if Samba has been stoped during the process >>I'm using authconfig tool from Redhat to configure pam_ldap and nss_ldap >>(files /etc/pam.d/system-auth, /etc/ldap.conf and /etc/nsswitch.conf). >> >>Does my problem could be because of using the same object to >>authenticate both Samba and Unix, or because of conflicts between samba >>and pam_ldap, or something else??? >> > >No, I'm doing this also and it's just fine. > I had the same problem with RPM nss_ldap 1.72 and 1.89, and using authconfig rpm 4.1.19-1 (bugged) and 4.1.19-2. Wich version of Samba and pam_ldap are you using??? Would you send me your /etc/ldap.conf ?? I have in my LDAP tree 2 ou: one for the computers and one for the People, so I had to modify the /etc/ldap.conf in order to search accounts. Could it be here the problem??? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
