[Samba] Too much init_sam_from_ldap...

Bruno MACADRE bruno.macadre at univ-rouen.fr
Tue Sep 29 14:23:17 MDT 2009 

Hi !

    I'm working in a educational administration, i've made a domain with 
a Samba 3.4.1 PDC with a LDAP backend. When a user log into an XP 
Workstation, i see in the log file a lot of "init_sam_from_ldap". In 
fact, instead of scanning only the user who try to connect, a lot of 
them are scanned. I've got about 600 account into the LDAP so the time 
needed by the user to connect into the workstation is a little increased.

    The problem is also more important when i've pratices sessions 
because i've between 16 and 64 users that try to log onto the domain at 
the same time. I see "init_sam_from_ldap" into all of workstation log 
files (on the samba server) and the load average of the LDAP server 
increase dramatically... On a practice session with only 16 users 
connecting at the same time, the elapsed time before the user can "use" 
his workstation is between 5 and 10 minutes !!! When only 1 user try to 
connect (from the same workstation) the time is lesser than 20 seconds...

    How can I stop (or limit) all of this "init_sam_from_ldap...", to 
let all of my students working properly ??

    Thanks by advance,
    Bruno

Following : Usefull informations

* Sample of workstation SAMBA logfile :
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: benoijod
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2009/09/29 19:13:34,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(102) : conn_ctx_stack_ndx = 2
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (12268, 10000) - sec_ctx_stack_ndx = 0
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(12268, 10000) : sec_ctx_stack_ndx = 1
[2009/09/29 19:13:34,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(102) : conn_ctx_stack_ndx = 0
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/09/29 19:13:34,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(102) : conn_ctx_stack_ndx = 1
[2009/09/29 19:13:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: chevamic
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: delapmic
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: demarjoh
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: ouldbahm
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: molinste
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: baerrud
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: brihifay
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: chomacam
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: colomben
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: ducroant
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: ouldmyou
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: mokadabd
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: antiomar
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: andrirad
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: aprilame
...
[2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: duperjon
...
...
...

* The LDAP Server : DELL PowerEdge 2950 with 2x QuadCore and 4Gb Memory
* The SAMBA PDC : DELL PowerEdge 1950 with 2x QuadCore and 4Gb Memory


PS: Sorry for my poor english :-)

More information about the samba mailing list