[Samba] BDC constantly rebinds to master ldap server causing browsing delay

Dave Lund dlund at ae-solutions.com
Mon Feb 6 13:25:21 MST 2012


Hello,

I seem to be having an issue where one of my BDC servers constantly needs
to rebind to the "master" ldap server (ldap1.ae-solutions.com).  Whenever
this happens I see several entries in the log like this:
"smbldap_search_ext: waiting 928 milliseconds for LDAP replication."

It appears to cause delay when browsing samba shares whenever this
happens.  The master ldap server is at a different WAN site; this BDC does
have a local slave ldap server (ldap1.mpls.ae-solutions.com) that it
should be using instead.  Everything was working correctly before; it
seems to have started after the last yum update I did on this server.

Server Info:

CentOS 5.7 x64
samba3x-3.5.4-0.83.el5_7.2 (updated from samba3x-3.5.4-0.70.el5_6.1)

Here is a snippet of the output of "pdbedit -v username":

--------------------------------------------------------------------------
winbind failed to find a gid for sid S-1-5-21-112718084-1284083569-2990761952-5055
lookup_global_sam_rid: looking up RID 5055.
smbldap_search_ext: base => [dc=ae-solutions,dc=com], filter => [(&(sambaSID=S-1-5-21-112718084-1284083569-2990761952-5055)(objectclass=sambaSamAccount))], scope => [2]
smbldap_search_ext: waiting 921 milliseconds for LDAP replication.
smbldap_search_ext: go on!
ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-112718084-1284083569-2990761952-5055] count=0
smbldap_search_ext: base => [dc=ae-solutions,dc=com], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-112718084-1284083569-2990761952-5055))], scope => [2]
init_group_from_ldap: Entry found for group: 2027
LEGACY: sid S-1-5-21-112718084-1284083569-2990761952-5055 -> gid 2027
pdb_set_group_sid: setting group sid S-1-5-21-112718084-1284083569-2990761952-5055
Cache entry with key = ACCT_POL/minimum password age couldn't be found
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=AEI,dc=ae-solutions,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
ldapsam_get_account_policy: failed to retrieve from ldap
ldapsam_set_account_policy_in_ldap
smbldap_modify: dn => [sambaDomainName=AEI,dc=ae-solutions,dc=com]
rebindproc_connect_with_state: Rebinding to ldap://ldap1.ae-solutions.com/sambaDomainName=AEI,dc=ae-solutions,dc=com as "cn=Manager,dc=ae-solutions,dc=com"
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
Failed to modify dn: sambaDomainName=AEI,dc=ae-solutions,dc=com, error: 17 (Undefined attribute type) (sambaMinPwdAge: attribute type undefined)
Cache entry with key = ACCT_POL/maximum password age couldn't be found
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=AEI,dc=ae-solutions,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
smbldap_search_ext: waiting 928 milliseconds for LDAP replication.
smbldap_search_ext: go on!
ldapsam_get_account_policy: failed to retrieve from ldap
ldapsam_set_account_policy_in_ldap
smbldap_modify: dn => [sambaDomainName=AEI,dc=ae-solutions,dc=com]
rebindproc_connect_with_state: Rebinding to ldap://ldap1.ae-solutions.com/sambaDomainName=AEI,dc=ae-solutions,dc=com as "cn=Manager,dc=ae-solutions,dc=com"
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
Failed to modify dn: sambaDomainName=AEI,dc=ae-solutions,dc=com, error: 17 (Undefined attribute type) (sambaMaxPwdAge: attribute type undefined)

Here's the global section of smb.conf on this server:

[global]
     workgroup = AEI
     server string = 
     passdb backend = ldapsam:ldap://ldap1.mpls.ae-solutions.com
     log level = 10
     log file = /var/log/samba/log.%m
     printcap name = /etc/printcap
     add user script = /usr/sbin/smbldap-useradd -m '%u'
     add group script = /usr/sbin/smbldap-groupadd -p '%g'
     add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
     delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
     set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
     add machine script = /usr/sbin/smbldap-useradd -w '%u'
     logon script = %U.bat
     logon path = 
     logon drive = H:
     logon home = \\%L\%U
     domain logons = Yes
     os level = 34
     preferred master = Auto
     domain master = No
     dns proxy = No
     wins server = 10.2.0.2
     ldap admin dn = cn=Manager,dc=ae-solutions,dc=com
     ldap group suffix = ou=Group
     ldap machine suffix = ou=Computers
     ldap passwd sync = yes
     ldap suffix = dc=ae-solutions,dc=com
     ldap ssl = no
     ldap user suffix = ou=People
     invalid users = daemon, sys, adm, lp, smtp, uucp, nuucp, listen, noaccess, nobody4

If more info is needed, please let me know.

Thanks,

Dave L.
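
An added example, not part of the original post: a Python script that pulls the three events visible in the quoted output (replication waits, rebinds to a server other than the one in "passdb backend", and failed modifies) out of a log level 10 trace. The function name summarize and its result keys are assumptions made for this example; the sample text is a trimmed excerpt of the output quoted above.

```python
import re
from urllib.parse import urlsplit

# Trimmed excerpt of the debug output quoted in the post, mail wrapping kept.
SAMPLE_LOG = """\
smbldap_search_ext: waiting 921 milliseconds for LDAP replication.
smbldap_search_ext: go on!
smbldap_modify: dn => [sambaDomainName=AEI,dc=ae-solutions,dc=com]
rebindproc_connect_with_state: Rebinding to
ldap://ldap1.ae-solutions.com/sambaDomainName=AEI,dc=ae-solutions,dc=com
as "cn=Manager,dc=ae-solutions,dc=com"
Failed to modify dn: sambaDomainName=AEI,dc=ae-solutions,dc=com, error: 17
(Undefined attribute type) (sambaMinPwdAge: attribute type undefined)
smbldap_search_ext: waiting 928 milliseconds for LDAP replication.
smbldap_search_ext: go on!
smbldap_modify: dn => [sambaDomainName=AEI,dc=ae-solutions,dc=com]
rebindproc_connect_with_state: Rebinding to
ldap://ldap1.ae-solutions.com/sambaDomainName=AEI,dc=ae-solutions,dc=com
as "cn=Manager,dc=ae-solutions,dc=com"
Failed to modify dn: sambaDomainName=AEI,dc=ae-solutions,dc=com, error: 17
(Undefined attribute type) (sambaMaxPwdAge: attribute type undefined)
"""

WAIT = re.compile(r"smbldap_search_ext: waiting (\d+) milliseconds for LDAP replication")
REBIND = re.compile(r'rebindproc_connect_with_state: Rebinding to (\S+) as "([^"]+)"')
FAILED = re.compile(r"Failed to modify dn: (\S+), error: (\d+) \([^)]*\) \((\w+):")


def summarize(log_text, configured_host):
    """Summarise replication waits, referral rebinds and failed LDAP writes.

    configured_host is the server named in "passdb backend"; a rebind to any
    other host means the Samba process left its local directory server.
    """
    text = " ".join(log_text.split())  # undo wrapping so records match whole
    waits = [int(ms) for ms in WAIT.findall(text)]
    rebinds = [(urlsplit(url).hostname, dn) for url, dn in REBIND.findall(text)]
    return {
        "waits_ms": waits,
        "total_wait_ms": sum(waits),
        "offsite_rebinds": [h for h, _ in rebinds if h != configured_host.lower()],
        "bind_dns": sorted({dn for _, dn in rebinds}),
        "failed_writes": [(attr, int(code)) for _dn, code, attr in FAILED.findall(text)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, "ldap1.mpls.ae-solutions.com").items():
        print(f"{key}: {value}")
```

Every off-site rebind it reports is a bind as the ldap admin dn, and with "ldap ssl = no", as in the posted smb.conf, that bind crosses the WAN without TLS.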

 

 


