[Samba] login (W2K) takes very long

Wolfgang Pichler madmin at dialog-telekom.at
Wed May 28 15:12:49 GMT 2003


Hi,

I've configured samba-2.2.5 and openldap2-2.1.4 with the help of the
howto available at idealx. I can add users / delete them - log in over
ssh - get the right groups and IDs... - nearly everything works.

But when I try to log in with a W2K workstation (haven't tested other
OSes), I can type in the username/password - then it takes about 5
minutes (you can still see the username/password dialog grayed) and then
it tells me that it couldn't load my profile. I have the right
permissions set on the profile directory.

In the ldap.log file I get messages like these:
May 28 16:01:54 zion slapd[18348]: <= bdb_equality_candidates:
index_param failed (18)
May 28 16:01:57 zion last message repeated 7 times
May 28 16:04:11 zion slapd[18348]: <= bdb_equality_candidates:
index_param failed (18)

Why?

Is it a failure with the indexes in slapd.conf?
I have:

index   objectClass     eq
index   default         sub
index uid           pres,eq
## support pdb_getsampwrid()
index rid           eq
## posixGroup entries in the directory as well
index uidNumber     eq
index gidNumber     eq
index cn            eq
index memberUid     eq


In the log.smbd I get:
[2003/05/28 16:06:00, 2] smbd/reply.c:reply_special(92)
  netbios connect: name1=ZION             name2=NOMICRO
[2003/05/28 16:06:00, 2] smbd/reply.c:reply_special(111)
  netbios connect: local=zion remote=nomicro
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_open_connection(226)
  ldap_open_connection: connection opened
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_connect_system(260)
  ldap_connect_system: succesful connection to the LDAP server
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_search_one_user(272)
  ldap_search_one_user: searching
for:[(&(uid=nomicro$)(objectclass=sambaAccount))]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [uid] = [nomicro$]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(505)
  Entry found for user: nomicro$
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [pwdLastSet] = [1053939659]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [logonTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [logoffTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [kickoffTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [pwdCanChange] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [pwdMustChange] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [cn] = [NOMICRO$]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
  get_single_attribute: [homeDrive] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
  get_single_attribute: [smbHome] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
  get_single_attribute: [scriptPath] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
  get_single_attribute: [profilePath] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [description] = [Computer]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
  get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [rid] = [3000]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [primaryGroupID] = [2007]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [lmPassword] = [xxxxxxxxxxxxxxxxxxxx]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [ntPassword] = [xxxxxxxxxxxxxxxxxxxx]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [acctFlags] = [[W          ]]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_open_connection(226)
  ldap_open_connection: connection opened
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_connect_system(260)
  ldap_connect_system: succesful connection to the LDAP server
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:ldap_search_one_user(272)
  ldap_search_one_user: searching
for:[(&(uid=pichler)(objectclass=sambaAccount))]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [uid] = [pichler]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(505)
  Entry found for user: pichler
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [pwdLastSet] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [logonTime] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [logoffTime] = [2147483647]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [kickoffTime] = [2147483647]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [pwdCanChange] = [0]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [pwdMustChange] = [2147483647]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [cn] = [pichler]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [homeDrive] = [U:]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [smbHome] = [\\zion\homes]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [scriptPath] = [\\zion\netlogon\logon.bat]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [profilePath] = [\\zion\profiles\pichler]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [description] = [System User]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(364)
  get_single_attribute: [userWorkstations] = [<does not exist>]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [rid] = [3004]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [primaryGroupID] = [2005]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [lmPassword] =
[2E0596A8013A92C49C5014AE4718A7EE]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [ntPassword] =
[AAD2C3A87B2A40EE3A63E88AA374B116]
[2003/05/28 16:06:00, 2] passdb/pdb_ldap.c:get_single_attribute(370)
  get_single_attribute: [acctFlags] = [[UX         ]]

And after this message the long waiting period comes.

I also have another PDC running on the same subnet (the old one which I
am trying to replace - it's a WinNT machine) - could it be that this
machine causes the trouble?

my smb.conf:
[global]
        workgroup = DIALOG-TELEKOM
        netbios name = ZION
        interfaces = eth0 172.16.0.27/24
        bind interfaces only = Yes
        security = user
        encrypt passwords = Yes
        username map = /etc/samba/usermap
        log level = 2
        syslog = 0
        time server = Yes
        unix extensions = Yes
        kernel oplocks = Yes
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        printcap name = CUPS
        add user script = /usr/sbin/smbldap-useradd.pl -w %u
        logon path = \\%N\profiles\%u
        logon script = logon.bat
        unix password sync = Yes
        passwd program = /usr/sbin/smbldap-passwd.pl -o %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*successfully*
        logon drive = U:
        domain logons = Yes
        os level = 255
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        printing = cups
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        browseable = No
        guest account = smbguest
        domain admin group = @smbadmin
        admin users = @smbadmin
        printer admin = @smbadmin
        # ldap parameters
        ldap admin dn   = "cn=administrator,dc=dialog-telekom,dc=at"
        ldap server     = localhost
        ldap ssl        = No
        ldap port       = 389
        ldap suffix     = "dc=dialog-telekom,dc=at"
        character set = iso8859-1
 
[netlogon]
        path = /home/samba/netlogon
        write list = administrator
        guest ok = yes
 
[profiles]
        path = /home/samba/profiles
        writeable = yes
        read only = No
        create mode = 0644
        directory mode = 0755
        guest ok = Yes
        browseable = no
 
[homes]
        comment = Home Directory
        valid users = %S
        read only = No
        create mask = 0664
        directory mask = 0775
 
Do you need any more information?

Regards,
Wolfi
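
A check the question about the slapd.conf indexes invites, as an added example that is not part of the original post: it lists which terms of the search filters smbd logged lack a matching index type in the posted `index` lines. The function names are hypothetical, and treating `index default` as setting the types for later lines that give none is the assumption made about slapd.conf syntax.

```python
import re

# Index lines copied from the slapd.conf excerpt in the post.
SLAPD_INDEX_LINES = """\
index   objectClass     eq
index   default         sub
index uid           pres,eq
## support pdb_getsampwrid()
index rid           eq
index uidNumber     eq
index gidNumber     eq
index cn            eq
index memberUid     eq
"""
# Search filters copied from the log.smbd excerpt in the post.
SMBD_FILTERS = [
    "(&(uid=nomicro$)(objectclass=sambaAccount))",
    "(&(uid=pichler)(objectclass=sambaAccount))",
]
# One simple filter item: (attr=value) or (attr~=value).
FILTER_ITEM = re.compile(r"\(([A-Za-z][\w;.-]*)(~=|=)([^()]*)\)")

def parse_indexes(text):
    """Map lower-cased attribute name -> set of index types."""
    default_types, indexes = set(), {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "index":
            continue  # comments, blank lines, other directives
        types = set(fields[2].split(",")) if len(fields) > 2 else set(default_types)
        if fields[1].lower() == "default":  # assumption: sets types for later lines
            default_types = types
            continue
        for attr in fields[1].split(","):
            indexes.setdefault(attr.lower(), set()).update(types)
    return indexes

def needed_indexes(ldap_filter):
    """Return {(attr, index_type)} that the filter's items would use."""
    needed = set()
    for attr, op, value in FILTER_ITEM.findall(ldap_filter):
        kind = ("approx" if op == "~=" else "pres" if value == "*"
                else "sub" if "*" in value else "eq")
        needed.add((attr.lower(), kind))
    return needed

def missing_indexes(filters, indexes):
    """Filter terms with no index of the type they need, sorted."""
    needed = set().union(*(needed_indexes(f) for f in filters))
    return sorted((a, k) for a, k in needed if k not in indexes.get(a, set()))
```

For the two filters and the index lines posted, `missing_indexes(SMBD_FILTERS, parse_indexes(SLAPD_INDEX_LINES))` returns an empty list: `uid` and `objectclass` both carry an `eq` index.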






