[Samba] Samba and connections to LDAP timeout
Mikael M. Hansen
mhansen at cs.aau.dk
Fri Dec 1 12:27:05 GMT 2006
Hi
We have an all SAMBA Domain (all samba-3.0.23d) running with two
OpenLDAP servers (2.3.27).
We experience quite a few NT_STATUS_IO_TIMEOUTs when using smbclient.
Windows clients just experience delays (up to several minutes).
I've done some debugging:
On the client i issue:
smbclient -Umhansen //lfs1/mhansen
lfs1 is a domain member server.
On lfs1 (log level 10) i get the following in log.wb-CS.AAU.DK:
[2006/12/01 13:21:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
rpc_api_pipe: Remote machine PDC pipe \NETLOGON fnum 0x71f2returned
critical error. Error was Call timed out: server did not respond after
10000 milliseconds
On the PDC (named pdc) we get in the log that matches the lfs1 host:
[2006/12/01 13:20:58, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [dc=cs,dc=aau,dc=dk], filter =>
[(&(uid=mhansen)(objectclass=sambaSamAccount))], s
cope => [2]
[2006/12/01 13:20:58, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:20:59, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:00, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:01, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:02, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:03, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:04, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:05, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:06, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:07, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:08, 10] lib/smbldap.c:smbldap_search_ext(1237)
Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:09, 10] lib/smbldap.c:smb_ldap_setup_conn(632)
Raising it make the errors appear less often. This relates to the
idletimeout on the ldap servers. Changing the idletimeout value to a
lower number makes the errors appear more often. Unfortunately not
including idletimout in the ldap configuration is now an option.
The LDAP servers only have 50-60 active connection (wih the
idletimeout). We have no special settings in smb.conf related to LDAP.
See it at http://www.cs.aau.dk/~mhansen/pdc.smb.conf
Now the question:
How can I affect the behaviour samba has towards the LDAP server so it
does not have any problems contacting the LDAP server?
Shouldn't it just reestablish the connection if it is has beenclosed by
the server. From what I can see i lib/smbldap.c (smbldap_open) it
reopens the connection if it has been closed. But I cannot see if
smbldap_open is actually called before smbldap_search_ext is called in
this case.
Any thoughts or recommendations are greatly appreciated.
--
MVH / Best regards
Mikael M. Hansen
More information about the samba
mailing list