[Samba] Samba and connections to LDAP timeout

Mikael M. Hansen mhansen at cs.aau.dk
Fri Dec 1 12:27:05 GMT 2006


Hi

We have an all SAMBA Domain (all samba-3.0.23d) running with two
OpenLDAP servers (2.3.27).

We experience quite a few NT_STATUS_IO_TIMEOUTs when using smbclient.
Windows clients just experience delays (up to several minutes).

I've done some debugging:

On the client i issue:
smbclient -Umhansen //lfs1/mhansen

lfs1 is a domain member server.

On lfs1 (log level 10) i get the following in log.wb-CS.AAU.DK:

[2006/12/01 13:21:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine PDC pipe \NETLOGON fnum 0x71f2returned
critical error. Error was Call timed out: server did not respond after
10000 milliseconds


On the PDC (named pdc) we get in the log that matches the lfs1 host:

[2006/12/01 13:20:58, 5] lib/smbldap.c:smbldap_search_ext(1179)
  smbldap_search_ext: base => [dc=cs,dc=aau,dc=dk], filter =>
[(&(uid=mhansen)(objectclass=sambaSamAccount))], s
cope => [2]
[2006/12/01 13:20:58, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:20:59, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:00, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:01, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:02, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:03, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:04, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:05, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:06, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:07, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:08, 10] lib/smbldap.c:smbldap_search_ext(1237)
  Failed search for base: dc=cs,dc=aau,dc=dk, error: Can't contact LDAP
server ()
[2006/12/01 13:21:09, 10] lib/smbldap.c:smb_ldap_setup_conn(632)

 Raising it make the errors appear less often. This relates to the
idletimeout on the ldap servers. Changing the idletimeout value to a
lower number makes the errors appear more often. Unfortunately not
including idletimout in the ldap configuration is now an option.


The LDAP servers only have 50-60 active connection (wih the
idletimeout). We have no special settings in smb.conf related to LDAP.
See it at http://www.cs.aau.dk/~mhansen/pdc.smb.conf

Now the question:

How can I affect the behaviour samba has towards the LDAP server so it
does not have any problems contacting the LDAP server?

Shouldn't it just reestablish the connection if it is has beenclosed by
the server. From what I can see i lib/smbldap.c (smbldap_open) it
reopens the connection if it has been closed. But I cannot see if
smbldap_open is actually called before smbldap_search_ext is called in
this case.

Any thoughts or recommendations are greatly appreciated.

-- 
MVH / Best regards

Mikael M. Hansen             	



More information about the samba mailing list