Re: [Samba] Too much init_sam_from_ldap...
Bruno MACADRE a écrit : Hi ! I'm working in a educational administration, i've made a domain with a Samba 3.4.1 PDC with a LDAP backend. When a user log into an XP Workstation, i see in the log file a lot of init_sam_from_ldap. In fact, instead of scanning only the user who try to connect, a lot of them are scanned. I've got about 600 account into the LDAP so the time needed by the user to connect into the workstation is a little increased. The problem is also more important when i've pratices sessions because i've between 16 and 64 users that try to log onto the domain at the same time. I see init_sam_from_ldap into all of workstation log files (on the samba server) and the load average of the LDAP server increase dramatically... On a practice session with only 16 users connecting at the same time, the elapsed time before the user can use his workstation is between 5 and 10 minutes !!! When only 1 user try to connect (from the same workstation) the time is lesser than 20 seconds... How can I stop (or limit) all of this init_sam_from_ldap..., to let all of my students working properly ?? Thanks by advance, Bruno Following : Usefull informations * Sample of workstation SAMBA logfile : [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: benoijod [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (12268, 1) - sec_ctx_stack_ndx = 0 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(12268, 1) : sec_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 0 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: chevamic ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: delapmic ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: demarjoh ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ouldbahm ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: molinste ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: baerrud ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: brihifay ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: chomacam ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: colomben ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ducroant ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ouldmyou ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: mokadabd ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: antiomar ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: andrirad ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: aprilame ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: duperjon ... ... ... * The LDAP Server : DELL PowerEdge 2950 with 2x QuadCore and 4Gb Memory * The SAMBA PDC : DELL PowerEdge 1950 with 2x QuadCore and 4Gb Memory PS: Sorry for my poor english :-) I investigate a little more since my last mail : I've downgraded my SAMBA 3.4.1 to SAMBA 3.3.7 the problem is the same.
Re: [Samba] Too much init_sam_from_ldap...
Finally i've opened a bug on samba.org (Bug #6771). At this time i've made a workaround using pdbedit during the night to translate an ldapsam backend into smbpasswd backend : # pdbedit -i ldapsam:ldap://ldapserver/; -e smbpasswd:/var/lib/samba/private/smbpasswd It's a really bad workaround but i can't stop my production anymore... With this workaround the time needed for 1 user to log into any workstation is lesser than 5 seconds (it's amazing ^^) I hope that somebody find something better than my workaround, i don't like this kind of poor work... regards, Bruno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Too much init_sam_from_ldap...
Hi ! I'm working in a educational administration, i've made a domain with a Samba 3.4.1 PDC with a LDAP backend. When a user log into an XP Workstation, i see in the log file a lot of init_sam_from_ldap. In fact, instead of scanning only the user who try to connect, a lot of them are scanned. I've got about 600 account into the LDAP so the time needed by the user to connect into the workstation is a little increased. The problem is also more important when i've pratices sessions because i've between 16 and 64 users that try to log onto the domain at the same time. I see init_sam_from_ldap into all of workstation log files (on the samba server) and the load average of the LDAP server increase dramatically... On a practice session with only 16 users connecting at the same time, the elapsed time before the user can use his workstation is between 5 and 10 minutes !!! When only 1 user try to connect (from the same workstation) the time is lesser than 20 seconds... How can I stop (or limit) all of this init_sam_from_ldap..., to let all of my students working properly ?? Thanks by advance, Bruno Following : Usefull informations * Sample of workstation SAMBA logfile : [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: benoijod [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (12268, 1) - sec_ctx_stack_ndx = 0 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(12268, 1) : sec_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 0 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 1 [2009/09/29 19:13:34, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: chevamic ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: delapmic ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: demarjoh ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ouldbahm ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: molinste ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: baerrud ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: brihifay ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: chomacam ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: colomben ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ducroant ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: ouldmyou ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: mokadabd ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: antiomar ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: andrirad ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: aprilame ... [2009/09/29 19:13:34, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: duperjon ... ... ... * The LDAP Server : DELL PowerEdge 2950 with 2x QuadCore and 4Gb Memory * The SAMBA PDC : DELL PowerEdge 1950 with 2x QuadCore and 4Gb Memory PS: Sorry for my poor english :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba