Your ISA server is searching USER1 on ldap server. Did you migrate all users?
You should try: # ldapsearch -x -W -D 'cn=admin,dc=test,dc=fr" uid=USER1 or # ldapsearch -w -D -D 'cn=admin,dc=test,dc=fr" > all.ldif. it will make a text file with all information about your ldap db. where cn=admin,dc=test,dc=fr is your admin user in ldap system (look at slapd.conf) (binddn) On request give your bind ldap password. Il gio, 2004-07-29 alle 15:30, Julien Bordet ha scritto: > Hi everybody, > > I have a Samba 3.0.4 PDC configured on my network. Previously, there was a Windows > NT 4 PDC, that was migrated to my Samba / OpenLDAP configuration. > > Everything is working fine, except our ISA Server. > > Indeed, ISA Server was previously configured to let users that belong to the > "Internet Access" group to surf. During the migration phase, we did not change > anything. > > Now it works, but very very slowly, and by far slower than before the migration. > > Tracing the network data between the ISA server and the Samba Server, and having a > look at the openLDAP log file make me think that ISA Server tries to authenticate > user for each request, and not once per session. Indeed, I've got much network > traffic, lots a LDAP requests like that : > > Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SRCH base="dc=test,dc=fr" scope=2 > filter="(&(uid=USER1)(objectClass=sambaSamAccount))" > > and much load on the server, because of slapd processes. If I turn off ISA server, > everything is OK and normal. > > So is NTLM authentication different in Samba than in Windows NT PDC ? What would you > advise me ? > > Many thanks > > Julien > > ------------------------------------------------------ > My smb.conf file : > > > [Global] > workgroup = RUEIL1 > netbios name = LDAP > server string = SAMBA-LDAP PDC > username map = /etc/samba/smbusers > encrypt passwords = yes > interfaces = 172.16.0.115/16 > domain logons = Yes > os level = 65 > domain master = Yes > local master = Yes > preferred master = Yes > security = user > wins support = Yes > name resolve order = wins bcast lmhosts host > admin users = install administrateur > passdb backend = ldapsam:ldap://localhost > ldap admin dn = "cn=samba,ou=DSA,dc=mairie-rueilmalmaison,dc=fr" > ldap ssl = off > ldap delete dn = yes > ldap user suffix = ou=Utilisateurs > ldap group suffix = ou=Groupes > ldap machine suffix = ou=Machines > ldap suffix = dc=mairie-rueilmalmaison,dc=fr > ldap idmap suffix = ou=Utilisateurs > ldap passwd sync = yes > Dos charset = 850 > Unix charset = ISO8859-1 > log level = 1 > #log level = 3 > log file = /var/log/samba/%m.log > max log size = 100000 > time server = Yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE > IPTOS_LOWDELAY > logon script = logon.bat > logon drive = H: > logon home = > logon path = > add machine script = /usr/local/sbin/smbldap-useradd -w "%u" > add user script = /usr/local/sbin/smbldap-useradd -m "%u" > add group script = /usr/local/sbin/smbldap-groupadd -p "%g" > add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" > #delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" > [homes] > comment = RÃpertoires utilisateurs > valid users = %U > read only = No > create mask = 0664 > directory mask = 0775 > browseable = No > [netlogon] > path = /var/lib/samba/netlogon > browseable = No > read only = Yes > > > > > ______________________________________________________________________ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba _______________________ Umberto Zanatta linuxDidattica tel: +39 (335) 54 71 385 email: [EMAIL PROTECTED] web: http://linuxdidattica.org _______________________ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
