Ryan Suarez wrote: > Michal Dobroczynski wrote: >> Hello, >> If you want to avoid using get**** try setting "ldapsam:trusted = >> yes". This way Samba will fetch user info directly from LDAP instead >> of going through the getpwent and others which reaaaaaally pull a lot >> of data. That should reduce the time needed to login a bit (at least >> that worked for me). >>
The get**** as in my perl script actually. I will have to do some reading to figure out how to get the info I need without it. > You're assuming that his samba is setup as a domain controller, not > simply a domain member. And that it has write access to ldap with the > necessary attributes. > > Scott, you need to provide more info. > Rest of the info is at the bottom of this post. >>> Just curious, Are you using samba with nss_ldap and pam_ldap for user >>> lookups and authentication? >>> Yes. I hope it is all setup correctly. It is working it seems. It seems that it really got slow in the last couple of days. I have added some users to LDAP, but not that many. There are proabably a total of 1000 users and not near all of them would log on at once. Maybe a couple of hundred at the very most and more like 75-100. >>> [email protected] wrote: >>> >>>> It seems my logins are taking a long time to get logged in. I am >>>> guessing >>>> that it is worse when classes start and a lot of the kids try to login >>>> at >>>> once. My old server did not seem to have this problem though and we >>>> have >>>> the same number of students. >>>> >>>> Where should I start looking at this? I am guessing that it is ldap, >>>> but >>>> want to make sure. >>>> >>>> If I log in at a computer and go to start->run and type \\server, it >>>> may >>>> take 1-2 minutes until I can see my shares which is the same thing the >>>> students are seeing when logging into the domain. I just wanted to >>>> leave >>>> any profile copying out of the equation so I just did it this way. >>>> >>>> I noticed this first on my batch user add program for adding users to >>>> ldap/samba. The program reads in the users and groups with getpwent >>>> and >>>> getgrent and it really takes a long time. >>>> >>>> Any suggestions of what to start looking for would be appreciated. I have a question about LDAP also and was wondering if this would affect it. I know that on my old server I had the following in the slapd.conf: core cosine inetorgperson nis samba On my new one it has the above plus: corba duaconf dyngroup java misc openldap ppolicy collective Those were just in there when I installed it so I left them. Should I take them out or would that not have any affect on logins at all? Here is my smb.conf [global] workgroup = BES server string = netbios name = SCHOOL1 host msdfs = yes interfaces = lo eth0 hosts allow = 127. 10.0. 192.168.0. localhost log level = 3 ldap passwd sync = Yes ldap admin dn = cn=Manager,dc=school1,dc=bloomfield.k12.mo.us ldap suffix = dc=school1,dc=bloomfield.k12.mo.us ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add machine script = /usr/sbin/smbldap-useradd -w "%u" add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" Dos charset = 850 Unix charset = ISO8859-1 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 log file = /var/log/samba/log.%m security = user passdb backend = ldapsam:ldap://127.0.0.1 domain master = yes domain logons = yes logon path = /bin/false "%u" local master = yes os level = 65 preferred master = yes wins support = yes dns proxy = no load printers = yes cups options = raw [teacher_dfs] path = /district/dfs_shares/teachers msdfs root = yes [student_dfs] path = /district/dfs_shares/students msdfs root = yes [userhome] comment = Home Directories path = /home/%u read only = no [student] comment = School Wide Main for students path = /district/school read only = no create mask = 660 force create mode = 2660 directory mask = 770 force directory mode = 3770 [teacher] comment = School Wide Main for teachers path = /district/school read only = no create mask = 666 force create mode = 2666 directory mask = 777 force directory mode = 3777 valid users = @teacher @admin @staff [staff] comment = drive for staff to share things on path = /district/teachers read only = no create mask = 666 force create mode = 2666 directory mask = 777 force directory mode = 3777 valid users = @teacher @admin @staff [sis] path = /district/sis read only = no valid users = @sis @teacher @admin create mask = 666 directory mask = 770 force directory mode = 2770 level2 oplocks = no oplocks = no [follett] path = /district/follett read only = no [vexira] path = /district/vexira read only = yes [software] path = /district/_SOFTWARE read only = no [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes writable = no share modes = no root preexec = /var/lib/samba/netlogon/logonscript.pl %U %M %m %I root postexec = /var/lib/samba/netlogon/logoutscript.pl %U %M %m %I thanks again. -- Scott Mayo - System Administrator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Question: Because it reverses the logical flow of conversation. Answer: Why is putting a reply at the top of the message frowned upon? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
