[Samba] Samba and ISA Server

Umberto Zanatta uzanatta at provincia.treviso.it
Thu Jul 29 13:54:34 GMT 2004


Your ISA server is searching for USER1 on the LDAP server.

Did you migrate all users?

You should try:

# ldapsearch -x -W -D 'cn=admin,dc=test,dc=fr' uid=USER1

or

# ldapsearch -x -W -D 'cn=admin,dc=test,dc=fr' > all.ldif

It will make a text file with all information about your LDAP db.

where cn=admin,dc=test,dc=fr is your admin user in the LDAP system (look at
slapd.conf) (binddn)

On request, give your LDAP bind password.

On Thu, 2004-07-29 at 15:30, Julien Bordet wrote:

> Hi everybody,
>  
> I have a Samba 3.0.4 PDC configured on my network. Previously, there was a Windows NT 4 PDC, that was migrated to my Samba / OpenLDAP configuration.
>  
> Everything is working fine, except our ISA Server.
>  
> Indeed, ISA Server was previously configured to let users that belong to the "Internet Access" group to surf. During the migration phase, we did not change anything.
>  
> Now it works, but very very slowly, and by far slower than before the migration.
>  
> Tracing the network data between the ISA server and the Samba Server, and having a look at the OpenLDAP log file, makes me think that ISA Server tries to authenticate the user for each request, and not once per session. Indeed, I've got much network traffic, lots of LDAP requests like that:
>  
> Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
>  
> and much load on the server, because of slapd processes. If I turn off ISA server, everything is OK and normal.
>  
> So is NTLM authentication different in Samba than in Windows NT PDC ? What would you advise me ?
>  
> Many thanks
>  
> Julien
> 
> ------------------------------------------------------
> My smb.conf file :
>  
> 
> [Global]
> workgroup = RUEIL1
> netbios name = LDAP
> server string = SAMBA-LDAP PDC
> username map = /etc/samba/smbusers
> encrypt passwords = yes
> interfaces = 172.16.0.115/16
> domain logons = Yes
> os level = 65
> domain master = Yes
> local master = Yes
> preferred master = Yes
> security = user
> wins support = Yes
> name resolve order = wins bcast lmhosts host
> admin users = install administrateur
> passdb backend = ldapsam:ldap://localhost
> ldap admin dn = "cn=samba,ou=DSA,dc=mairie-rueilmalmaison,dc=fr"
> ldap ssl = off
> ldap delete dn = yes
> ldap user suffix = ou=Utilisateurs
> ldap group suffix = ou=Groupes
> ldap machine suffix = ou=Machines
> ldap suffix = dc=mairie-rueilmalmaison,dc=fr
> ldap idmap suffix = ou=Utilisateurs
> ldap passwd sync = yes
> Dos charset = 850
> Unix charset = ISO8859-1
> log level = 1
> #log level = 3
> log file = /var/log/samba/%m.log
> max log size = 100000
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
> logon script = logon.bat
> logon drive = H:
> logon home =
> logon path =
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> #delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> [homes]
> comment = Répertoires utilisateurs
> valid users = %U
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
> [netlogon]
> path = /var/lib/samba/netlogon
> browseable = No
> read only = Yes
> 

_______________________
Umberto Zanatta
linuxDidattica

tel: +39 (335) 54 71 385
email: umberto.z at tin.it
web: http://linuxdidattica.org
_______________________
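
An added example, not part of the original messages: a small Python script that counts the slapd SRCH operations per uid and per second, to measure whether the lookups really happen once per request rather than once per session. The sample lines are constructed in the log format Julien quoted; the function name `summarize` and the sample values are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the slapd syslog format quoted in the message.
SAMPLE_LOG = """\
Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2223 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:22:37 ldap slapd[25440]: conn=2 op=2224 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER2)(objectClass=sambaSamAccount))"
Jul 29 15:22:37 ldap slapd[25440]: conn=2 op=2225 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:22:38 ldap slapd[25440]: conn=3 op=1 BIND dn="cn=admin,dc=test,dc=fr" method=128
"""

# Matches only SRCH lines; ".*?" tolerates extra fields between scope and filter.
SRCH_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sslapd\[\d+\]:\s'
    r'conn=(?P<conn>\d+)\sop=(?P<op>\d+)\sSRCH\s'
    r'base="(?P<base>[^"]*)"\sscope=(?P<scope>\d+)\s.*?filter="(?P<filter>[^"]*)"'
)
UID_RE = re.compile(r'\(uid=([^)]+)\)')


def summarize(log_text):
    """Return (searches per uid, searches per second) for SRCH lines."""
    per_uid, per_second = Counter(), Counter()
    for line in log_text.splitlines():
        m = SRCH_RE.match(line)
        if not m:
            continue  # BIND, RESULT and other operations are ignored
        per_second[m.group("ts")] += 1
        uid = UID_RE.search(m.group("filter"))
        per_uid[uid.group(1) if uid else "(no uid in filter)"] += 1
    return per_uid, per_second


if __name__ == "__main__":
    per_uid, per_second = summarize(SAMPLE_LOG)
    for uid, n in per_uid.most_common():
        print(f"{uid}: {n} searches")
    peak_ts, peak = max(per_second.items(), key=lambda kv: kv[1])
    print(f"peak: {peak} searches/s at {peak_ts}")
```

Comparing the per-uid count with the number of web requests that user made in the same interval shows whether a search is issued for each request.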

