tdb_lock failed (was Re: ... domain authentication?)

[Brandon Craig Rhodes]

Following your advice, Andrew, I was able to convince our admins that
we should simply throw all of our servers into the same domain and not
trying to keep the domains separate.  Thanks!

Now we are having extensive problems with performance in the labs we
are attempting to move to domain authentication under Samba-3, because
of contention over the secrets.tdb file from which each thread must
now fetch the SID for our domain controller; errors look like:

 tdb_chainlock_with_timeout_internal: alarm (10) timed out for key <PDC> in tdb /usr/local/samba-3.0.0/private/secrets.tdb

where <PDC> is the name of the primary domain controller.

This is happening in two different labs under both Solaris 2.7 and 2.8
and renders samba-3 essentially unusable.  In one lab we have compiled
Samba with tdb spin locks instead, which solves the problem, but (if I
understand the relevant warnings correctly) makes us vulnerable to an
unusable secrets file if a thread dies while having the file locked.

The /usr/local hierarchy is locally mounted on both systems.

Has anyone else ever seen this?  Meanwhile I suppose I shall try
having to determine who is holding the problem locks.  The lsof
command shows every samba child process (but not the parent) having a
read lock on the secrets file, but does not give details as to where
in the file they are.

Thanks,
-- 
Brandon Craig Rhodes                         http://www.rhodesmill.org/brandon
Georgia Tech                                            brandon at oit.gatech.edu