[Samba] Problems with Openldap and nscd
R.J.Baart at Prompt.nl
R.J.Baart at Prompt.nl
Wed Sep 17 10:04:05 GMT 2003
The problem description below is relevant for those who use samba + LDAP. We installed four
Intel Xeon servers with standard SuSE 8.2, samba + ldap. The W2K client complained about
very, very, very slow reponse from the server. Below is we descripe the reasons and the
solution.
We have big problems with openldap version 2.1.12 (standard suse 8.2 rpm) and the name server
cache daemon versiom 2.3.2 (standard suse 8.2 rpm).
We installed 4 Intel servers (Intel server board, Intel Case, Adaptec 2100S Raid controller,
Seaget cheetah disks, Xeon 2400, 1 GB RAM. We updated the BIOS, downloaded all updated
RPM's, etc.
LDAP is used for samba, postfix and courier-imap/pop3. The total configuration is working fine,
except Openldap/NSCD.
The problem was that a server locked after a while. When is not predictable, but more users
caused the problem to be sooner. Further analyses learned that LDAP and NSCD were the
problem. Problems became manifest after addding 3500 account to the LDAP directory. Server
was not working reliable anymore, the W2K clients went home because of the malfunction of
the server.
This problem occurred on 4 locations with the same hard- and softwareconfiguration.
After updating LDAP (removed rpm's and install of latest stable version of openldap)
problems where not disappeared but less.
It became then clear that nscd was also a problem. The daemon caused the problem: the
processlist showed that several instances of nscd were running. But one of the daemons locked
the system: it was not possible to fork a new process. Stopping the nscd caused a locked
server to run inmediatly as it should and user were inmediatly able to work.
On the four locations the nscd is now stopped for one week and there are no problems
anymore. For us it is 100% evident that the nscd is a problem, because starting the daemon again,
sooner or later the server will stop responding (no new processen possible). We also think that
OpenLDAP 2.1.12 is also not working 100% reliable,
Met vriendelijke groet/Regards,
Prompt
R.J. Baart
Marktveldpassage 35c
5261 ED Vught
Netherlands
Mailto:R.J.Baart at Prompt.NL
Http://WWW.Prompt.NL
Tel.: +31 73 6567041
Fax.: +31 73 6573513
More information about the samba
mailing list