tdb_lock failed (was Re: ... domain authentication?)
Andrew Bartlett
abartlet at samba.org
Tue Oct 28 00:04:29 GMT 2003
On Tue, 2003-10-28 at 07:29, Brandon Craig Rhodes wrote:
> Following your advice, Andrew, I was able to convince our admins that
> we should simply throw all of our servers into the same domain and not
> trying to keep the domains separate. Thanks!
>
> Now we are having extensive problems with performance in the labs we
> are attempting to move to domain authentication under Samba-3, because
> of contention over the secrets.tdb file from which each thread must
> now fetch the SID for our domain controller; errors look like:
>
> tdb_chainlock_with_timeout_internal: alarm (10) timed out for key <PDC> in tdb /usr/local/samba-3.0.0/private/secrets.tdb
>
> where <PDC> is the name of the primary domain controller.
If you start winbindd on these systems, you might mitigate part of the
problem, short-term. (The bug is real, and in solaris a per jra's
comments). Winbind will handle the connection to the DC, rather than
each smbd. It's much faster this way too.
You don't need to be using winbindd in nsswitch or PAM to take advantage
of this.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031028/59999d76/attachment.bin
More information about the samba-technical
mailing list