[Samba] Slow ldap authentication against samba 4

Gabriel Franca gabriel.franca at gmail.com
Thu Aug 13 17:14:56 UTC 2015 

Hi,

force use ipv4 on squid.

external_acl_type NT_group ipv4 %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl


> Em 13/08/2015, à(s) 12:06, Allen Chen <achen at harbourfrontcentre.com> escreveu:
> 
> On 8/13/2015 9:23 AM, Jefferson P. S. Emerick wrote:
>> Good Morning.
>> 
>> So.. anybody else have this same issue? Slow ldap authentication?
>> 
>> --
>> Grato,
>> Jefferson Parreira dos Santos Emerick
>> 
>> 2015-01-20 9:52 GMT-02:00 Jefferson Parreira dos Santos Emerick <
>> jeparre at gmail.com>:
>> 
>>> I have many corporate systems that connect to Samba 4 for authentication
>>> and a considerable number of users and machines that need this
>>> authentication working well and smoothly.
>>> I try a java script too, with the same problem.
>>> 
>>> I found foruns with the same problem about postfix trying to use samba4
>>> and having trouble in slow tree search or auth, without solution.
>>> 
>>> --
>>> Grato,
>>> Jefferson Parreira dos Santos Emerick
>>> 
>>> 2015-01-20 9:42 GMT-02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>> 
>>>> On 20/01/15 11:14, Jefferson Parreira dos Santos Emerick wrote:
>>>> 
>>>>> ​ Yeah.. I wrote a simple script in python to test it. Here is the scrit:
>>>>> 
>>>>> *import ldap*
>>>>> *from threading import Thread*
>>>>> *import time*
>>>>> *import sys*
>>>>> *
>>>>> *
>>>>> *class LDAPTtryThread(Thread):*
>>>>> *
>>>>> *
>>>>> *  def __init__(self, **kwargs):*
>>>>> *      Thread.__init__(self)*
>>>>> *self.id <http://self.id> = kwargs.get('id')*
>>>>> *      self.host = kwargs.get('host')*
>>>>> *      self.username = kwargs.get('username')*
>>>>> *      self.password = kwargs.get('password')*
>>>>> *      self.timeout = kwargs.get('timeout',None)*
>>>>> *
>>>>> *
>>>>> *  def run(self):*
>>>>> *      try:*
>>>>> *          l = ldap.open(self.host)*
>>>>> *          l.protocol_version = ldap.VERSION3*
>>>>> *          l.port = 389*
>>>>> *          if self.timeout:*
>>>>> *              l.set_option(ldap.OPT_TIMEOUT, self.timeout)*
>>>>> *          l.simple_bind_s(self.username, self.password)*
>>>>> *          print '%s OK' %self.id <http://self.id>*
>>>>> *      except ldap.LDAPError, e:*
>>>>> *          print '%s FAIL' %self.id <http://self.id>, e*
>>>>> *
>>>>> *
>>>>> *for i in range(int(sys.argv[4])):*
>>>>> *  timeout = None*
>>>>> *  if len(sys.argv) > 5:*
>>>>> *      timeout = int(sys.argv[5])*
>>>>> *  LDAPTesteThread(*
>>>>> *      id=i, host=sys.argv[1], username=sys.argv[2],
>>>>> password=sys.argv[3],timeout=timeout).start()*
>>>>>>>>>> 
>>>>> 
>>>> Hmm, no idea if that is part of the problem or not, to me python is a
>>>> snake :-D
>>>> 
>>>> Why do you want to use ldap authentication ?
>>>> 
>>>> Do you have some specific programs that you want to connect to AD ?
>>>> 
>>>> 
>>>> Rowland
>>>> 
>>>> 
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>> 
>>> 
> 
> I configured squid-cache proxy server to use Samba4 AD DC as the ldap server, and I don't see any slow authentication.
> This is a production setup.
> 
> Allen
> 
> -- 
> Allen Chen
> Network Administrator
> IT
> 
> Harbourfront Centre
> 
> 235 Queens Quay West, Toronto, ON
> M5J 2G8, Canada | harbourfrontcentre.com <http://harbourfrontcentre.com/> <http://www.harbourfrontcentre.com <http://www.harbourfrontcentre.com/>>
> Office: +1 416 973 7973
> Cell: +1 416 556 2493
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>

More information about the samba mailing list