[Samba] Samba with LDAP - conflict with pam_ldap?
Laurent BLIN
laurent.blin at iemm.univ-montp2.fr
Tue Jun 11 02:19:04 GMT 2002
Thanks for your advices and Yura Pismerov of the Pam_LDAP mailing list.
It appears that this bug occurs when I use "username level = 8" in
the smb.conf file. Lots of request dues to this parameter...
Laurent
Laurent BLIN wrote:
> Laurent Chauvirey wrote:
>
>>> Hi,
>>>
>> Hello
>>
>>> I'm using Samba 2.2.4 with LDAP support (OpenLDAP 2.0.23), and with
>>> pam_ldap included in the rpm nss_ldap 1.86 from Redhat (I'm on Linux
>>> Redhat 7.2).
>>>
>>> All these things are working well (I use the same object SambaAcount
>>> under PosixAccount in order to authenticate all these things), but a
>>> problem appears when I'm trying to list all the accounts and groups
>>> from
>>> my Win2000 Workstation (select a file shared by Samba, security, add).
>>>
>>> Using NIS to authentificate, it takes me less than 1 sec to get all the
>>> users and groupes from Win2000.
>>> Using LDAP (PAM_LDAP), it takes about 1 mn in order to have it.
>>>
>>
>> I had a similar problem (slow lookup with Outlook plugged into my
>> openldap)
>> until I set an index on the attributes used for the requests :
>>
>> -- slapd.conf :
>> ...
>> # Indices to maintain
>> index objectClass eq
>> index uid pres,eq
>> index uidNumber,gidNumber,memberUid,rid eq
>> index mail,cn,sn,givenName eq,sub
>> ...
>>
>
> I have almost the same indexes
>
>>
>>
>>> Looking for LDAP logs, it appears that Samba is looking over and over
>>> again with the same request. Don't know which.
>>>
>>
>> Perhaps the timeout because of the time the request takes... It might
>> depend
>> on your db size.
>>
>
> Samba is looping on the same search in the LDAP base (and uses lots of
> CPU). If I stop Samba, the LDAP search stops. And after a TimeOut,
> Windows displays the users. Even if Samba has been stoped during the
> process
>
>>> I'm using authconfig tool from Redhat to configure pam_ldap and
>>> nss_ldap
>>> (files /etc/pam.d/system-auth, /etc/ldap.conf and /etc/nsswitch.conf).
>>>
>>> Does my problem could be because of using the same object to
>>> authenticate both Samba and Unix, or because of conflicts between samba
>>> and pam_ldap, or something else???
>>>
>>
>> No, I'm doing this also and it's just fine.
>>
> I had the same problem with RPM nss_ldap 1.72 and 1.89, and using
> authconfig rpm 4.1.19-1 (bugged) and 4.1.19-2.
> Wich version of Samba and pam_ldap are you using??? Would you send me
> your /etc/ldap.conf ??
>
> I have in my LDAP tree 2 ou: one for the computers and one for the
> People, so I had to modify the /etc/ldap.conf in order to search
> accounts. Could it be here the problem???
>
>
>
>
More information about the samba
mailing list