[Samba] Problems with Openldap and nscd

R.J.Baart at Prompt.nl R.J.Baart at Prompt.nl
Wed Sep 17 10:04:05 GMT 2003 

The problem description below is relevant for those who use samba + LDAP. We installed four 
Intel Xeon servers with standard SuSE 8.2, samba + ldap. The W2K client complained about 
very, very, very slow reponse from the server. Below is we descripe the reasons and the 
solution.

We have big problems with openldap version 2.1.12 (standard suse 8.2 rpm) and the name server 
cache daemon  versiom 2.3.2 (standard suse 8.2 rpm). 
We installed 4 Intel servers (Intel server board, Intel Case, Adaptec 2100S Raid controller, 
Seaget cheetah disks, Xeon 2400, 1 GB RAM. We updated the BIOS, downloaded all updated 
RPM's, etc.

LDAP is used for samba, postfix and courier-imap/pop3. The total configuration is working fine, 
except Openldap/NSCD.

The problem was that a server locked after a while. When is not predictable, but more users 
caused the problem to be sooner. Further analyses learned that LDAP and NSCD were the 
problem. Problems became manifest after addding 3500 account to the LDAP directory. Server 
was not working reliable anymore, the W2K clients went home because of the malfunction of 
the server.

This problem occurred on 4 locations with the same hard- and softwareconfiguration.

After updating LDAP (removed rpm's and install of latest stable version of openldap) 
problems where not disappeared but less.
It became then clear that nscd was also a problem. The daemon caused the problem: the 
processlist showed that several instances of nscd were running. But one of the daemons locked 
the system: it was not possible to fork a new process. Stopping the nscd caused a locked 
server to run inmediatly as it should and user were inmediatly able to work.

On the four locations the nscd is now stopped for one week and there are no problems 
anymore.  For us it is 100% evident that the nscd is a problem, because starting the daemon again, 
sooner or later the server will stop responding (no new processen possible). We also think that 
OpenLDAP 2.1.12 is also not working 100% reliable,



Met vriendelijke groet/Regards,
Prompt
R.J. Baart

Marktveldpassage 35c
5261 ED Vught
Netherlands
Mailto:R.J.Baart at Prompt.NL
Http://WWW.Prompt.NL
Tel.: +31 73 6567041                          
Fax.: +31 73 6573513

More information about the samba mailing list