
[Samba] Slow ldap authentication against samba 4


Jefferson Parreira dos Santos Emerick

Jan 19, 2015, 1:30:04 PM
Hi everyone... has somebody experienced any problems with poor
performance of LDAP authentication against Samba 4? I'm trying
authentication with 300 users and many users can't log in. Some connections
are rejected. I didn't find anything searching on the internet. Any help?


--
Grato,
Jefferson Parreira dos Santos Emerick
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Rowland Penny

Jan 19, 2015, 2:20:03 PM
On 19/01/15 18:22, Jefferson Parreira dos Santos Emerick wrote:
> Hi everyone... has somebody experienced any problems with poor
> performance of LDAP authentication against Samba 4? I'm trying
> authentication with 300 users and many users can't log in. Some connections
> are rejected. I didn't find anything searching on the internet. Any help?
>
>
> --
> Grato,
> Jefferson Parreira dos Santos Emerick

Hi, are you using samba in 'classic' mode with openldap, or are you
referring to the builtin samba ldap when used in AD DC mode?

Could you post your smb.conf?

Rowland

Mauricio Tavares

Jan 19, 2015, 2:20:04 PM
On Mon, Jan 19, 2015 at 1:22 PM, Jefferson Parreira dos Santos Emerick
<jep...@gmail.com> wrote:
> Hi everyone... has somebody experienced any problems with poor
> performance of LDAP authentication against Samba 4? I'm trying
> authentication with 300 users and many users can't log in. Some connections
> are rejected. I didn't find anything searching on the internet. Any help?
>
Can the same users authenticate against other devices/services
using ldap without issues? What does the log file say?


Rowland Penny

Jan 19, 2015, 3:10:04 PM
On 19/01/15 19:50, Jefferson Parreira dos Santos Emerick wrote:
> Hi.. so.. I did the classicupgrade from samba3 with success. Users can
> log in as I expected. The problem happens when I try many users
> logging on to samba 4. This is very slow and some users can't log in, and the
> message that I got is: "Can't contact LDAP server". I didn't see
> anything more in the samba logs.
>
> The *samba* version I'm using is *4.1.14* with *bind 9.10*
>
> Here is my conf:
>
> # Global parameters
> [global]
> workgroup = XXXXXX
> realm = XXXXXX.XXX.XXX
> netbios name = XXXXXXXXXX
> server role = active directory domain controller
> private dir = /opt/samba/private
> log level = 2
> lock directory = /opt/samba
> state directory = /opt/samba/state
> cache directory = /opt/samba/cache
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
>
> interfaces = 127.0.0.1 10.1.0.65
> bind interfaces only = yes
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
> max mux = 1000
>
> [netlogon]
> path = /opt/samba/state/sysvol/xxxxx.xxx.xx/scripts
> read only = No
>
> [sysvol]
> path = /opt/samba/state/sysvol
> read only = No
>
>
> I thank you for the help.
>
> Sorry for my English.
>

Hi, remove the 'socket options' & 'max mux' lines, you shouldn't use the
first and you shouldn't need to change the second.

What OS are you using ?

I take it your clients are joined to the domain, are they using roaming
profiles ??

Did you compile samba yourself ?

Don't worry about your English, it is a lot better than my Brazilian :-D

Rowland Penny

Jan 20, 2015, 6:20:04 AM
On 20/01/15 11:07, Jefferson Parreira dos Santos Emerick wrote:
> Good morning, dude.
> I compiled it because I had already tried using another package version and it
> didn't work properly.
> Yeah yeah.. about the network, it is very good. Everything is working fine.
>
> I'm just trying a simple bind of many users, or many times with one user,
> and the ldap response is very slow or sometimes it can't log in. The same
> test in OpenLDAP or AD is working fine.
>
> That is more strange for me. The same test with AD that is part of the
> domain works like a charm.
> --
>

Could you be a bit more precise on how you are binding to the ldap in
AD, what are you trying to achieve ??

Rowland Penny

Jan 20, 2015, 6:50:03 AM
On 20/01/15 11:14, Jefferson Parreira dos Santos Emerick wrote:
> Yeah.. I wrote a simple script in Python to test it. Here is the script:
>
> import ldap
> from threading import Thread
> import time
> import sys
>
>
> class LDAPTtryThread(Thread):
>     """Performs one LDAP simple bind in its own thread."""
>
>     def __init__(self, **kwargs):
>         Thread.__init__(self)
>         self.id = kwargs.get('id')
>         self.host = kwargs.get('host')
>         self.username = kwargs.get('username')
>         self.password = kwargs.get('password')
>         self.timeout = kwargs.get('timeout', None)
>
>     def run(self):
>         try:
>             # ldap.initialize() with a URI replaces the deprecated ldap.open()
>             l = ldap.initialize('ldap://%s:389' % self.host)
>             l.protocol_version = ldap.VERSION3
>             if self.timeout:
>                 l.set_option(ldap.OPT_TIMEOUT, self.timeout)
>             l.simple_bind_s(self.username, self.password)
>             print('%s OK' % self.id)
>         except ldap.LDAPError as e:
>             print('%s FAIL %s' % (self.id, e))
>
>
> # Arguments: host, username, password, number of threads, optional timeout
> for i in range(int(sys.argv[4])):
>     timeout = None
>     if len(sys.argv) > 5:
>         timeout = int(sys.argv[5])
>     LDAPTtryThread(
>         id=i, host=sys.argv[1], username=sys.argv[2],
>         password=sys.argv[3], timeout=timeout).start()
>
>

Hmm, no idea if that is part of the problem or not, to me python is a
snake :-D

Why do you want to use ldap authentication ?

Do you have some specific programs that you want to connect to AD ?

Jefferson P. S. Emerick

Aug 13, 2015, 9:30:05 AM
Good Morning.

So.. anybody else have this same issue? Slow ldap authentication?

--
Grato,
Jefferson Parreira dos Santos Emerick

2015-01-20 9:52 GMT-02:00 Jefferson Parreira dos Santos Emerick <jep...@gmail.com>:

> I have many corporate systems that connect to Samba 4 for authentication
> and a considerable number of users and machines that need this
> authentication working well and smoothly.
> I tried a java script too, with the same problem.
>
> I found forums with the same problem about postfix trying to use samba4
> and having trouble with slow tree search or auth, without solution.
>
> --
> Grato,
> Jefferson Parreira dos Santos Emerick
>

Allen Chen

Aug 13, 2015, 12:10:04 PM
I configured squid-cache proxy server to use Samba4 AD DC as the ldap
server, and I don't see any slow authentication.
This is a production setup.

Allen

--
Allen Chen
Network Administrator
IT

Harbourfront Centre

235 Queens Quay West, Toronto, ON
M5J 2G8, Canada | harbourfrontcentre.com <http://www.harbourfrontcentre.com>
Office: +1 416 973 7973
Cell: +1 416 556 2493

Gabriel Franca

Aug 13, 2015, 1:20:04 PM
Hi,

force use ipv4 on squid.

external_acl_type NT_group ipv4 %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl