Bruno MACADRE a écrit : > Hi ! > > I'm working in a educational administration, i've made a domain with > a Samba 3.4.1 PDC with a LDAP backend. When a user log into an XP > Workstation, i see in the log file a lot of "init_sam_from_ldap". In > fact, instead of scanning only the user who try to connect, a lot of > them are scanned. I've got about 600 account into the LDAP so the time > needed by the user to connect into the workstation is a little increased. > > The problem is also more important when i've pratices sessions > because i've between 16 and 64 users that try to log onto the domain at > the same time. I see "init_sam_from_ldap" into all of workstation log > files (on the samba server) and the load average of the LDAP server > increase dramatically... On a practice session with only 16 users > connecting at the same time, the elapsed time before the user can "use" > his workstation is between 5 and 10 minutes !!! When only 1 user try to > connect (from the same workstation) the time is lesser than 20 seconds... > > How can I stop (or limit) all of this "init_sam_from_ldap...", to let > all of my students working properly ?? > > Thanks by advance, > Bruno > > Following : Usefull informations > > * Sample of workstation SAMBA logfile : > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: benoijod > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 > [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(102) : conn_ctx_stack_ndx = 2 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) > pop_sec_ctx (12268, 10000) - sec_ctx_stack_ndx = 0 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(12268, 10000) : sec_ctx_stack_ndx = 1 > [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(102) : conn_ctx_stack_ndx = 0 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 > [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) > push_conn_ctx(102) : conn_ctx_stack_ndx = 1 > [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: chevamic > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: delapmic > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: demarjoh > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: ouldbahm > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: molinste > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: baerrud > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: brihifay > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: chomacam > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: colomben > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: ducroant > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: ouldmyou > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: mokadabd > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: antiomar > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: andrirad > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: aprilame > ... > [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: duperjon > ... > ... > ... > > * The LDAP Server : DELL PowerEdge 2950 with 2x QuadCore and 4Gb Memory > * The SAMBA PDC : DELL PowerEdge 1950 with 2x QuadCore and 4Gb Memory > > > PS: Sorry for my poor english :-) >
I investigate a little more since my last mail : I've downgraded my SAMBA 3.4.1 to SAMBA 3.3.7 the problem is the same. For each connexion SAMBA scan ALL the LDAP !!! I clean a workstation log file, connect to this workstation and go to the server and type : # grep "init_sam_from_ldap:" log.WORKSTATION_NAME | wc -l I've got the answer : 551 551 is about the number of account in my LDAP... The problem is here !! My question is : Why SAMBA need to scan entirely the LDAP to connect only one user ?? (this behavior is the same with all user on all workstation) I think this is a bug. So i will try some other tests and open a bug... Regards, Bruno. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
