[Samba] Samba and ISA Server

Julien Bordet Julien.Bordet at intrinsec.com
Thu Jul 29 13:30:20 GMT 2004


Hi everybody,
 
I have a Samba 3.0.4 PDC configured on my network. Previously, there was a Windows NT 4 PDC, that was migrated to my Samba / OpenLDAP configuration.
 
Everything is working fine, except our ISA Server.
 
Indeed, ISA Server was previously configured to let users who belong to the "Internet Access" group surf. During the migration phase, we did not change anything.
 
Now it works, but very, very slowly, and far slower than before the migration.
 
Tracing the network data between the ISA server and the Samba server, and having a look at the OpenLDAP log file, makes me think that ISA Server tries to authenticate the user for each request, and not once per session. Indeed, I've got a lot of network traffic, lots of LDAP requests like this:
 
Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
 
and much load on the server, because of slapd processes. If I turn off ISA server, everything is OK and normal.
 
So is NTLM authentication different in Samba than on a Windows NT PDC? What would you advise?
 
Many thanks
 
Julien

------------------------------------------------------
My smb.conf file :
 

[Global]
workgroup = RUEIL1
netbios name = LDAP
server string = SAMBA-LDAP PDC
username map = /etc/samba/smbusers
encrypt passwords = yes
interfaces = 172.16.0.115/16
domain logons = Yes
os level = 65
domain master = Yes
local master = Yes
preferred master = Yes
security = user
wins support = Yes
name resolve order = wins bcast lmhosts host
admin users = install administrateur
passdb backend = ldapsam:ldap://localhost
ldap admin dn = "cn=samba,ou=DSA,dc=mairie-rueilmalmaison,dc=fr"
ldap ssl = off
ldap delete dn = yes
ldap user suffix = ou=Utilisateurs
ldap group suffix = ou=Groupes
ldap machine suffix = ou=Machines
ldap suffix = dc=mairie-rueilmalmaison,dc=fr
ldap idmap suffix = ou=Utilisateurs
ldap passwd sync = yes
Dos charset = 850
Unix charset = ISO8859-1
log level = 1
#log level = 3
log file = /var/log/samba/%m.log
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
logon script = logon.bat
logon drive = H:
logon home =
logon path =
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
[homes]
comment = Répertoires utilisateurs
valid users = %U
read only = No
create mask = 0664
directory mask = 0775
browseable = No
[netlogon]
path = /var/lib/samba/netlogon
browseable = No
read only = Yes
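
The per-request lookup pattern described in the message can be measured from the slapd log itself. The following is an added example, not part of the original post: it counts sambaSamAccount searches per uid in a sliding time window. The sample lines are constructed in the format of the quoted log line, and the window length and threshold are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in the syslog format of the line quoted in the message.
TEMPLATE = ('Jul 29 15:22:{sec:02d} ldap slapd[25440]: conn=2 op={op} SRCH '
            'base="dc=test,dc=fr" scope=2 '
            'filter="(&(uid={uid})(objectClass=sambaSamAccount))"')
SAMPLE_LOG = "\n".join(
    [TEMPLATE.format(sec=36 + i // 2, op=2222 + i, uid="USER1") for i in range(6)]
    + [TEMPLATE.format(sec=50, op=2300, uid="USER2")]
)

# Matches only the account lookups Samba's ldapsam backend issues per authentication.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sslapd\[\d+\]:\s'
    r'conn=\d+\sop=\d+\sSRCH\s.*'
    r'filter="\(&\(uid=(?P<uid>[^)]+)\)\(objectClass=sambaSamAccount\)\)"'
)

def parse(log_text, year=2004):
    """Yield (timestamp, uid) for each account lookup; syslog omits the year."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["uid"]

def lookup_bursts(log_text, window_s=10, threshold=5):
    """Return {uid: peak lookups within any window_s seconds} for uids at or over threshold."""
    by_uid = defaultdict(list)
    for ts, uid in parse(log_text):
        by_uid[uid].append(ts)
    window = timedelta(seconds=window_s)
    result = {}
    for uid, times in by_uid.items():
        times.sort()
        best, lo = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:   # shrink window from the left
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            result[uid] = best
    return result

if __name__ == "__main__":
    print(lookup_bursts(SAMPLE_LOG))
```

A user who authenticates once per session shows a peak of one or two lookups; a peak that tracks the number of proxied HTTP requests is consistent with per-request authentication.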

 

