[Samba] LDAP problem, with samba and groups

Bart Hendrix Fri, 24 Dec 2004 02:52:31 -0800

Hi All

We have the following problem: 
We configured samba with LDAP and this works fine. As soon as they try to login 
wit a user who is member of 15 groups, it takes very long to login with Windows 
and then an mostly an errormessage appears.


On win 2000 is the error: There has been made a change to the server. Contact 
you sysadmin

When a user logins (member of 15 groups) ldap shows the following logging: 

Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: => test_filter 
Dec 24 10:43:45 localhost slapd[3322]:     EQUALITY 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: search access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter_and 6 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "entry" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "cn" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "cn" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "description" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "description" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaSID" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaSID" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaGroupType" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaGroupType" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "displayName" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "displayName" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 

And then really realy much, very long. With continuesly an other cn = groupname

Now I see that the logging winbindd in /etc/samba/ shows:

[2004/12/24 10:58:36, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 11 try!
[2004/12/24 10:58:37, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:37, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 12 try!
[2004/12/24 10:58:38, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:38, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 13 try!
[2004/12/24 10:58:39, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:39, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 14 try!
[2004/12/24 10:58:40, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:40, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 15 try!
[2004/12/24 10:59:44, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:59:44, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 15 try!
[2004/12/24 10:59:46, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:59:46, 3] sam/idmap_ldap.c:ldap_get_sid_from_id(516)
  ldap_get_isd_from_id: Failure looking up entry (Timed out)
[2004/12/24 10:59:46, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(426)
  Could not convert gid 10018 to sid
[2004/12/24 10:59:46, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(374)
  [ 3876]: gid to sid 10001
[2004/12/24 10:59:46, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:59:46, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 1 try!
[2004/12/24 10:59:47, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:59:47, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 2 try!


I think there is a problem that it takes to long for samba before they it get 
an answer back. 
Any idea how to solve this? 

Is there also an option to configure that ldap works faster? It seems that if 
users are member of 15 groups, ldap checks this groups and then give a OK sign 
to samba? 


Thanks and greetz Bart

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP problem, with samba and groups

Reply via email to