samba_2_2 sambatest (security=server) and ldap performance
Andrew Bartlett
abartlet at samba.org
Thu Oct 31 10:45:02 GMT 2002
On Thu, Oct 31, 2002 at 11:33:15AM +0100, Ignacio Coupeau wrote:
> We have several samba printservers and fileservers with
> "security=server" validating against several PDC with ldap (samba 2.2.6).
>
> I found a lot of ldap request like:
> (uid=SAMBATESTPSERVER04)
> beating the ldap servers: one before *each* validation in every print
> job or share session.
>
> I found this is related with a security issue as Jeremy says in the
> server_validate() function.
>
> To avoid this I tried to use security=domain because server_validate()
> is called by check_server_security(), but our servers joined to the
> domain-asigned likes very much ask to the neighborn PDC as
> "security=server" than their domain-asigned-server (perhaps the
> subneting, or so... is a big and complex network).
>
> The question is if I can skip the code around
> "if(!tested_password_server) {"
> to avoid the calls to ldap and if it is safe.
>
> We are using only samba servers.
You could, but you really don't want to. Security=server
is really nasty. Fix whatever is causing Samba to pick the
wrong DC for secruity=domain. You can still specify the
server to use.
Andrew Bartlett
More information about the samba-technical
mailing list