[Samba] Too much init_sam_from_ldap...

Bruno MACADRE bruno.macadre at univ-rouen.fr
Wed Sep 30 03:42:50 MDT 2009 

Bruno MACADRE a écrit :
> Hi !
> 
>    I'm working in a educational administration, i've made a domain with
> a Samba 3.4.1 PDC with a LDAP backend. When a user log into an XP
> Workstation, i see in the log file a lot of "init_sam_from_ldap". In
> fact, instead of scanning only the user who try to connect, a lot of
> them are scanned. I've got about 600 account into the LDAP so the time
> needed by the user to connect into the workstation is a little increased.
> 
>    The problem is also more important when i've pratices sessions
> because i've between 16 and 64 users that try to log onto the domain at
> the same time. I see "init_sam_from_ldap" into all of workstation log
> files (on the samba server) and the load average of the LDAP server
> increase dramatically... On a practice session with only 16 users
> connecting at the same time, the elapsed time before the user can "use"
> his workstation is between 5 and 10 minutes !!! When only 1 user try to
> connect (from the same workstation) the time is lesser than 20 seconds...
> 
>    How can I stop (or limit) all of this "init_sam_from_ldap...", to let
> all of my students working properly ??
> 
>    Thanks by advance,
>    Bruno
> 
> Following : Usefull informations
> 
> * Sample of workstation SAMBA logfile :
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: benoijod
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
> [2009/09/29 19:13:34,  3] smbd/uid.c:428(push_conn_ctx)
>  push_conn_ctx(102) : conn_ctx_stack_ndx = 2
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
>  pop_sec_ctx (12268, 10000) - sec_ctx_stack_ndx = 0
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>  push_sec_ctx(12268, 10000) : sec_ctx_stack_ndx = 1
> [2009/09/29 19:13:34,  3] smbd/uid.c:428(push_conn_ctx)
>  push_conn_ctx(102) : conn_ctx_stack_ndx = 0
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:210(push_sec_ctx)
>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2009/09/29 19:13:34,  3] smbd/uid.c:428(push_conn_ctx)
>  push_conn_ctx(102) : conn_ctx_stack_ndx = 1
> [2009/09/29 19:13:34,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: chevamic
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: delapmic
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: demarjoh
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: ouldbahm
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: molinste
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: baerrud
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: brihifay
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: chomacam
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: colomben
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: ducroant
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: ouldmyou
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: mokadabd
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: antiomar
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: andrirad
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: aprilame
> ...
> [2009/09/29 19:13:34,  2] passdb/pdb_ldap.c:571(init_sam_from_ldap)
>  init_sam_from_ldap: Entry found for user: duperjon
> ...
> ...
> ...
> 
> * The LDAP Server : DELL PowerEdge 2950 with 2x QuadCore and 4Gb Memory
> * The SAMBA PDC : DELL PowerEdge 1950 with 2x QuadCore and 4Gb Memory
> 
> 
> PS: Sorry for my poor english :-)
> 

I investigate a little more since my last mail :

I've downgraded my SAMBA 3.4.1 to SAMBA 3.3.7 the problem is the same.
For each connexion SAMBA scan ALL the LDAP !!!

I clean a workstation log file, connect to this workstation and go to
the server and type :
 # grep "init_sam_from_ldap:" log.WORKSTATION_NAME | wc -l
I've got the answer : 551

551 is about the number of account in my LDAP... The problem is here !!

My question is : Why SAMBA need to scan entirely the LDAP to connect
only one user ?? (this behavior is the same with all user on all
workstation)

I think this is a bug. So i will try some other tests and open a bug...

Regards,
Bruno.

More information about the samba mailing list