[Samba] LDAP problem, with samba and groups

2004-12-24 Thread Bart Hendrix 
Hi All

We have the following problem: 
We configured samba with LDAP and this works fine. As soon as they try to login 
wit a user who is member of 15 groups, it takes very long to login with Windows 
and then an mostly an errormessage appears. 

On win 2000 is the error: There has been made a change to the server. Contact 
you sysadmin

When a user logins (member of 15 groups) ldap shows the following logging: 

Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: = test_filter 
Dec 24 10:43:45 localhost slapd[3322]: EQUALITY 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: search access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl gidNumber requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: = test_filter_and 6 
Dec 24 10:43:45 localhost slapd[3322]: = test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl entry requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl objectClass requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl objectClass requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl objectClass requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl cn requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl cn requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl gidNumber requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl gidNumber requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:45 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl description requested 
Dec 24 10:43:45 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl description requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl sambaSID requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl sambaSID requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl sambaGroupType requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl sambaGroupType requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl displayName requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 
Dec 24 10:43:46 localhost slapd[3322]: = access_allowed: read access to 
cn=engineering_w,ou=Groups,dc=sif-group,dc=nl displayName requested 
Dec 24 10:43:46 localhost slapd[3322]: = root access granted 

And then really realy much, very long. With continuesly an other cn = groupname

Now I see that the logging winbindd in /etc/samba/ shows:

[2004/12/24 10:58:36, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 11 try!
[2004/12/24 10:58:37, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:37, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 12 try!
[2004/12/24 10:58:38, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:38, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 13 try!
[2004/12/24 10:58:39, 0]

Re: [Samba] LDAP problem, with samba and groups

2004-12-24 Thread Adam Tauno Williams 
 [2004/12/24 10:59:46, 0] lib/smbldap.c:smbldap_open_connection(545)
   ldap_initialize: Time limit exceeded
 [2004/12/24 10:59:46, 1] lib/smbldap.c:another_ldap_try(936)
   Connection to LDAP server failed for the 1 try!
 [2004/12/24 10:59:47, 0] lib/smbldap.c:smbldap_open_connection(545)
   ldap_initialize: Time limit exceeded
 [2004/12/24 10:59:47, 1] lib/smbldap.c:another_ldap_try(936)
   Connection to LDAP server failed for the 2 try!
 I think there is a problem that it takes to long for samba before they it get
 an answer back. 
 Any idea how to solve this? 
 Is there also an option to configure that ldap works faster? It seems that if
 users are member of 15 groups, ldap checks this groups and then give a OK
 sign to samba? 

Why not test your LDAP server with ldapsearch? (You didn't say what LDAP
server you are using).  If performance is bad, address that, which has nothing
to do with Samba.

Also test id, make sure NSS is really working, and try using name service
caching if you aren't using the DSA via a domain socket.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba