[Samba] Active Directory authentication very slow (winbind/PAM)

Frank Gruman fgatwork at verizon.net
Thu Jun 9 18:12:20 GMT 2005

Hello all,

Apache 2.0.54
Samba 3.0.9-2.6-SUSE
PAM 0.77

I have been using Linux for a while on the side, and am now taking 
advantage of my position to try to implement a test server.  I am the 
technical product and network lead in my department with a higher MIS 
group that dictates global network access.  They do not want to change 
any of the existing ADS network to accomodate my small Linux setup, so I 
am not able to setup LDAP for authentication (they won't provide the ADS 
LDAP address or attributes).  I am trying to setup a web server to allow 
access to some applications I am hosting (Subversion, ViewCVS) on this 
server, and want the users to be able to authenticate to their ADS 
accounts.  To get there, I have set up winbind using pam_winbind and in 
Apache, mod_auth_pam.

I have Samba authenticating to a medium-sized Windows 2000 Active 
Directory domain (approx 5000 users).  The authentication times are 
ranging from 15 to 30 seconds, and when trying to win acceptance for 
Linux as a stable server platform / file and development code 
repository, this performance is unacceptable to many of my peers.  It is 
the same whether they authenticate through the Apache engine or if I add 
authentication to the xdm config and I login to KDE, or even from 
command line.

Anyone have any ideas or better ways of doing this?


More information about the samba mailing list