[Samba] Samba with LDAP - conflict with pam_ldap?

Laurent BLIN laurent.blin at iemm.univ-montp2.fr
Tue Jun 11 02:19:04 GMT 2002 

Thanks for your advices and Yura Pismerov of the Pam_LDAP mailing list. 
It appears that this bug occurs when I use     "username level = 8" in 
the smb.conf file. Lots of request dues to this parameter...


  Laurent


Laurent BLIN wrote:

> Laurent Chauvirey wrote:
>
>>> Hi,
>>>
>> Hello
>>
>>> I'm using Samba 2.2.4 with LDAP support (OpenLDAP 2.0.23), and with
>>> pam_ldap included in the rpm nss_ldap 1.86 from Redhat (I'm on Linux
>>> Redhat 7.2).
>>>
>>> All these things are working well (I use the same object SambaAcount
>>> under PosixAccount in order to authenticate all these things), but a
>>> problem appears when I'm trying to list all the accounts and groups 
>>> from
>>> my Win2000 Workstation (select a file shared by Samba, security, add).
>>>
>>> Using NIS to authentificate, it takes me less than 1 sec to get all the
>>> users and groupes from Win2000.
>>> Using LDAP (PAM_LDAP), it takes about 1 mn in order to have it.
>>>
>>
>> I had a similar problem (slow lookup with Outlook plugged into my 
>> openldap)
>> until I set an index on the attributes used for the requests :
>>
>> -- slapd.conf :
>> ...
>> # Indices to maintain
>> index   objectClass                             eq
>> index   uid                                     pres,eq
>> index   uidNumber,gidNumber,memberUid,rid       eq
>> index   mail,cn,sn,givenName                    eq,sub
>> ...
>>
>
> I have almost the same indexes
>
>>
>>
>>> Looking for LDAP logs, it appears that Samba is looking over and over
>>> again with the same request. Don't know which.
>>>
>>
>> Perhaps the timeout because of the time the request takes... It might 
>> depend
>> on your db size.
>>
>
> Samba is looping on the same search in the LDAP base (and uses lots of 
> CPU). If I stop Samba, the LDAP search stops. And after a TimeOut, 
> Windows displays the users. Even if Samba has been stoped during the 
> process
>
>>> I'm using authconfig tool from Redhat to configure pam_ldap and 
>>> nss_ldap
>>> (files /etc/pam.d/system-auth, /etc/ldap.conf and /etc/nsswitch.conf).
>>>
>>> Does my problem could be because of using the same object to
>>> authenticate both Samba and Unix, or because of conflicts between samba
>>> and pam_ldap, or something else???
>>>
>>
>> No, I'm doing this also and it's just fine.
>>
> I had the same problem with RPM nss_ldap 1.72 and 1.89, and using 
> authconfig rpm 4.1.19-1 (bugged) and 4.1.19-2.
> Wich version of Samba and pam_ldap are you using??? Would you send me 
> your /etc/ldap.conf ??
>
> I have in my LDAP tree 2 ou: one for the computers and one for the 
> People, so I had to modify the /etc/ldap.conf in order to search 
> accounts. Could it be here the problem???
>
>
>
>

More information about the samba mailing list