Hi, I'm working on a big problem with a Samba PDC 3.3.7 with an OpenLDAP Backend. The problem is, when a user try to log into a WinXP WorkStation, the Samba Server scan ALL the accounts in the LDAP (about 550 accounts for me). This behavior is the same for ALL users who try to log into ALL workstations (about 250). Finally the connexion succeed but it need to wait a little (about 10 seconds if this user is the only one to try to connect at this time). The problem was bigger when (for practices sessions purpose) i've between 16 and 64 users trying to connect at the same time... the SAMBA server scan ALL accounts during each connexion (between 16 and 64 at the same time...). This results in a dramatically increase of the load average of the LDAP server, and a dramaticaly increase of the time a user need to wait to work on his workstation... When 2 working sessions starts at the same time (i.e. when about 30 users try to connect at the same time), the users must wait about 15 minutes before starting to work. When i read the log for a workstation i see after the loading of the win profile multiples lines like : "init_sam_from_ldap: Entry found for user: user1"... In my case this line appears 551 times (with a different username on each)... this 551 "init_sam_from_ldap" must be multiplied by the number of workstation (about 250). So it's not abnormal that a connexion need 15 minutes to proceed when 30 users try to connect at the same time. I'll put my smb.conf and a sample of workstation log file in attachment.
Created attachment 4764 [details] My smb.conf My smb.conf
Created attachment 4765 [details] Sample of a workstation logfile Sample of a workstation logfile. We can see lines like "init_sam_from_ldap", in reality this line appears 551 times.
(In reply to comment #0) Just for information, in Samba 3.4.1 i've got the same behavior
(In reply to comment #2) > Created an attachment (id=4765) [details] > Sample of a workstation logfile > > Sample of a workstation logfile. We can see lines like "init_sam_from_ldap", in > reality this line appears 551 times. > Please supply a full debug level 10 log of such a login. Volker
(In reply to comment #4) > (In reply to comment #2) > > Created an attachment (id=4765) [details] [details] > > Sample of a workstation logfile > > > > Sample of a workstation logfile. We can see lines like "init_sam_from_ldap", in > > reality this line appears 551 times. > > > > Please supply a full debug level 10 log of such a login. > > Volker > Hi, I've made a log level 10 for a connexion process of one user over one WinXP Pro Workstation. I've kept my smb.conf (cf attachment) unchanged, i've just added "ldapsam:trusted=yes", like you said on samba-list. The logfile is huge (about 40Mb), the scan of the entire LDAP take a lot of lines ^^, so i can't attach this here. But you can find my log file at this URL : http://dl.free.fr/vM7TdMTFM Thanks by advance, Bruno
How much is it if you compress it with bzip2 -9? If it's less than, say, 5MB, send it to me directly. Somehow this overloaded "free" download site does not give it to me. Probably this is only for IE8 users :-( Volker
(In reply to comment #6) > How much is it if you compress it with bzip2 -9? If it's less than, say, 5MB, > send it to me directly. Somehow this overloaded "free" download site does not > give it to me. Probably this is only for IE8 users :-( > > Volker > Why i don't think to compress it... i'm so stupid sometimes :'( ... So compressed its size is about 800Kb ^^ I send it to you now and put it in attachement if anybody else want to check it. DL Free site works with every browser, i never use Windows so i don't have IE at all. I'm working with firefox 2.0.0.20 and 3.5.2 ! Regards, Bruno
Created attachment 4789 [details] Logfile of one connection of a user with log level 10 activated
Set "hide unreadable = no" on the [netlogon] share. I'm closing this bug as invalid, this is a configuration issue. Please re-open with a new log file if that does not help. Volker
(In reply to comment #9) > Set "hide unreadable = no" on the [netlogon] share. > > I'm closing this bug as invalid, this is a configuration issue. Please re-open > with a new log file if that does not help. > > Volker > It works !! Thanks a lot. It's a strange behavior for this simple configuration issue, but when i read the log, it's logical... Thanks again, Bruno