[Samba] Active Directory authentication very slow (winbind/PAM)
Frank Gruman
fgatwork at verizon.net
Thu Jun 9 18:12:20 GMT 2005
Hello all,
SLES9
Apache 2.0.54
Samba 3.0.9-2.6-SUSE
PAM 0.77
I have been using Linux for a while on the side, and am now taking
advantage of my position to try to implement a test server. I am the
technical product and network lead in my department with a higher MIS
group that dictates global network access. They do not want to change
any of the existing ADS network to accomodate my small Linux setup, so I
am not able to setup LDAP for authentication (they won't provide the ADS
LDAP address or attributes). I am trying to setup a web server to allow
access to some applications I am hosting (Subversion, ViewCVS) on this
server, and want the users to be able to authenticate to their ADS
accounts. To get there, I have set up winbind using pam_winbind and in
Apache, mod_auth_pam.
I have Samba authenticating to a medium-sized Windows 2000 Active
Directory domain (approx 5000 users). The authentication times are
ranging from 15 to 30 seconds, and when trying to win acceptance for
Linux as a stable server platform / file and development code
repository, this performance is unacceptable to many of my peers. It is
the same whether they authenticate through the Apache engine or if I add
authentication to the xdm config and I login to KDE, or even from
command line.
Anyone have any ideas or better ways of doing this?
Regards,
Frank
More information about the samba
mailing list