Thanks for your advices and Yura Pismerov of the Pam_LDAP mailing list. It appears that this bug occurs when I use "username level = 8" in the smb.conf file. Lots of request dues to this parameter...
Laurent Laurent BLIN wrote: > Laurent Chauvirey wrote: > >>> Hi, >>> >> Hello >> >>> I'm using Samba 2.2.4 with LDAP support (OpenLDAP 2.0.23), and with >>> pam_ldap included in the rpm nss_ldap 1.86 from Redhat (I'm on Linux >>> Redhat 7.2). >>> >>> All these things are working well (I use the same object SambaAcount >>> under PosixAccount in order to authenticate all these things), but a >>> problem appears when I'm trying to list all the accounts and groups >>> from >>> my Win2000 Workstation (select a file shared by Samba, security, add). >>> >>> Using NIS to authentificate, it takes me less than 1 sec to get all the >>> users and groupes from Win2000. >>> Using LDAP (PAM_LDAP), it takes about 1 mn in order to have it. >>> >> >> I had a similar problem (slow lookup with Outlook plugged into my >> openldap) >> until I set an index on the attributes used for the requests : >> >> -- slapd.conf : >> ... >> # Indices to maintain >> index objectClass eq >> index uid pres,eq >> index uidNumber,gidNumber,memberUid,rid eq >> index mail,cn,sn,givenName eq,sub >> ... >> > > I have almost the same indexes > >> >> >>> Looking for LDAP logs, it appears that Samba is looking over and over >>> again with the same request. Don't know which. >>> >> >> Perhaps the timeout because of the time the request takes... It might >> depend >> on your db size. >> > > Samba is looping on the same search in the LDAP base (and uses lots of > CPU). If I stop Samba, the LDAP search stops. And after a TimeOut, > Windows displays the users. Even if Samba has been stoped during the > process > >>> I'm using authconfig tool from Redhat to configure pam_ldap and >>> nss_ldap >>> (files /etc/pam.d/system-auth, /etc/ldap.conf and /etc/nsswitch.conf). >>> >>> Does my problem could be because of using the same object to >>> authenticate both Samba and Unix, or because of conflicts between samba >>> and pam_ldap, or something else??? >>> >> >> No, I'm doing this also and it's just fine. >> > I had the same problem with RPM nss_ldap 1.72 and 1.89, and using > authconfig rpm 4.1.19-1 (bugged) and 4.1.19-2. > Wich version of Samba and pam_ldap are you using??? Would you send me > your /etc/ldap.conf ?? > > I have in my LDAP tree 2 ou: one for the computers and one for the > People, so I had to modify the /etc/ldap.conf in order to search > accounts. Could it be here the problem??? > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba