[Samba] Samba with LDAP - conflict with pam_ldap?

Tue Jun 11 01:57:02 GMT 2002

>
> Hi,
Hello

>
> I'm using Samba 2.2.4 with LDAP support (OpenLDAP 2.0.23), and with
> pam_ldap included in the rpm nss_ldap 1.86 from Redhat (I'm on Linux
> Redhat 7.2).
>
> All these things are working well (I use the same object SambaAcount
> under PosixAccount in order to authenticate all these things), but a
> problem appears when I'm trying to list all the accounts and groups from
> my Win2000 Workstation (select a file shared by Samba, security, add).
>
> Using NIS to authentificate, it takes me less than 1 sec to get all the
> users and groupes from Win2000.
> Using LDAP (PAM_LDAP), it takes about 1 mn in order to have it.

I had a similar problem (slow lookup with Outlook plugged into my openldap)
until I set an index on the attributes used for the requests :

-- slapd.conf :
...
# Indices to maintain
index   objectClass                             eq
index   uid                                     pres,eq
index   uidNumber,gidNumber,memberUid,rid       eq
index   mail,cn,sn,givenName                    eq,sub
...

>
> Looking for LDAP logs, it appears that Samba is looking over and over
> again with the same request. Don't know which.

Perhaps the timeout because of the time the request takes... It might depend
on your db size.

>
> I'm using authconfig tool from Redhat to configure pam_ldap and nss_ldap
> (files /etc/pam.d/system-auth, /etc/ldap.conf and /etc/nsswitch.conf).
>
> Does my problem could be because of using the same object to
> authenticate both Samba and Unix, or because of conflicts between samba
> and pam_ldap, or something else???

No, I'm doing this also and it's just fine.

>
> When I try to do the same thing using PAM_LDAP instead of NIS, it works
> fine until I restart the Samba server.

Seems to prove Samba is not the cause of your problem.

Laurent C.