[Samba] Samba with LDAP - conflict with pam_ldap?

Laurent BLIN laurent.blin at iemm.univ-montp2.fr
Tue Jun 11 02:07:02 GMT 2002

Laurent Chauvirey wrote:

>>I'm using Samba 2.2.4 with LDAP support (OpenLDAP 2.0.23), and with
>>pam_ldap included in the rpm nss_ldap 1.86 from Redhat (I'm on Linux
>>Redhat 7.2).
>>All these things are working well (I use the same object SambaAccount
>>under PosixAccount in order to authenticate all these things), but a
>>problem appears when I'm trying to list all the accounts and groups from
>>my Win2000 Workstation (select a file shared by Samba, security, add).
>>Using NIS to authenticate, it takes me less than 1 sec to get all the
>>users and groups from Win2000.
>>Using LDAP (PAM_LDAP), it takes about 1 min in order to have it.
>I had a similar problem (slow lookup with Outlook plugged into my openldap)
>until I set an index on the attributes used for the requests :
>-- slapd.conf :
># Indices to maintain
>index   objectClass                             eq
>index   uid                                     pres,eq
>index   uidNumber,gidNumber,memberUid,rid       eq
>index   mail,cn,sn,givenName                    eq,sub

I have almost the same indexes.

>>Looking for LDAP logs, it appears that Samba is looking over and over
>>again with the same request. Don't know which.
>Perhaps the timeout because of the time the request takes... It might depend
>on your db size.

Samba is looping on the same search in the LDAP base (and uses lots of
CPU). If I stop Samba, the LDAP search stops. And after a timeout,
Windows displays the users, even if Samba has been stopped during the process.

>>I'm using authconfig tool from Redhat to configure pam_ldap and nss_ldap
>>(files /etc/pam.d/system-auth, /etc/ldap.conf and /etc/nsswitch.conf).
>>Could my problem be because of using the same object to
>>authenticate both Samba and Unix, or because of conflicts between samba
>>and pam_ldap, or something else???
>No, I'm doing this also and it's just fine.

I had the same problem with RPM nss_ldap 1.72 and 1.89, and using
authconfig rpm 4.1.19-1 (bugged) and 4.1.19-2.
Which version of Samba and pam_ldap are you using??? Would you send me
your /etc/ldap.conf??

I have in my LDAP tree 2 ou: one for the computers and one for the
People, so I had to modify the /etc/ldap.conf in order to search
accounts. Could the problem be here???
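
One way to identify the repeated request seen in the LDAP logs, as an added example that is not part of the original messages: it counts identical search filters in slapd log lines and flags filter attributes that have no `index` line in the slapd.conf excerpt quoted above. The log lines are constructed, and the `SRCH ... filter="..."` layout is an assumption about the slapd stats log format.

```python
import re
from collections import Counter

# The index directives quoted in the thread (slapd.conf).
SLAPD_CONF = """\
index   objectClass                             eq
index   uid                                     pres,eq
index   uidNumber,gidNumber,memberUid,rid       eq
index   mail,cn,sn,givenName                    eq,sub
"""

# Constructed log lines; the SRCH/filter layout is an assumed slapd stats format.
def _srch(op, flt):
    return 'conn=7 op=%d SRCH base="dc=example,dc=org" scope=2 filter="%s"' % (op, flt)

SAMPLE_LOG = "\n".join(
    [_srch(i, "(&(objectClass=posixAccount)(gidNumber=100))") for i in range(4)]
    + [_srch(i, "(&(objectClass=posixAccount)(loginShell=/bin/bash))") for i in range(4, 7)]
    + [_srch(7, "(uid=alice)")]
)

FILTER_RE = re.compile(r'SRCH .*filter="([^"]*)"')
ATTR_RE = re.compile(r'\(([A-Za-z][\w;.-]*)[~<>]?=')  # attribute name in each filter term

def indexed_attrs(conf):
    """Map lower-cased attribute name -> set of index types from 'index' lines."""
    out = {}
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "index":
            for attr in parts[1].split(","):
                out.setdefault(attr.lower(), set()).update(parts[2].split(","))
    return out

def repeated_searches(log, conf, threshold=3):
    """Return [(filter, count, unindexed_attrs)] for filters seen >= threshold times."""
    idx = indexed_attrs(conf)
    matches = (FILTER_RE.search(line) for line in log.splitlines())
    counts = Counter(m.group(1) for m in matches if m)
    report = []
    for flt, n in counts.most_common():
        if n >= threshold:
            missing = sorted({a for a in ATTR_RE.findall(flt) if a.lower() not in idx})
            report.append((flt, n, missing))
    return report

if __name__ == "__main__":
    for flt, n, missing in repeated_searches(SAMPLE_LOG, SLAPD_CONF):
        print("%dx %s unindexed=%s" % (n, flt, missing or "none"))
```
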
