[Samba] net ads and wbinfo are painfully slow -- but they work
Rowland Penny
rpenny at samba.org
Tue Jan 31 22:45:11 UTC 2017
On Tue, 31 Jan 2017 14:24:09 -0800
Chris Stankevitz <chrisstankevitz at gmail.com> wrote:
> On Tue, Jan 31, 2017 at 12:36 PM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > time net ads testjoin
> > Join is OK
> >
> > real 0m0.476s
> > user 0m0.108s
> > sys 0m0.008s
>
> Yes, I know... I have a similar setup (same version of samba, same
> hardware, same OS but a different windows domain on a different
> network) that is working fine.
>
> > Is the Windows AD DC running a dns server ?
> > Does the Unix client have the AD DC as its nameserver ?
>
> Yes and yes. If I didn't have that, I'm not sure how samba could have
> joined the domain given my configuration. (But I don't understand
> what is going on under the hood.)
>
> > Can you post your /etc/resolv.conf and /etc/hosts
>
> Config files posted below. But first an exciting hint:
>
> When I try to ssh into the box while samba utilities (like "net ads"
> and "wbinfo") are frozen -- the ssh login is also frozen until
> everything is released. Maybe nsswitch I fouled.
>
>
> /etc/resolv.conf:
> root at nickel:~ # cat /etc/resolv.conf
> nameserver 192.168.11.5
> nameserver 192.168.1.4
> domain mydomain.local
>
I take it at least one of the above nameservers is the AD DC, is the
other another AD DC ? If it isn't, then remove it. If they are both
DCs, try changing the order.
I would also change the 'domain mydomain.local' to 'search
mydomain.local'
Is a firewall getting in the way ?
>
> /etc/hosts:
> 127.0.0.1 localhost localhost.mydomain.local
> 192.168.11.3 nickel.mydomain.local nickel
> 192.168.1.2 iron.mydomain.local iron
I take it the machine has a fixed IP and as you are relying on dns to
find the DC (as you should), you do not need the line that starts
'192.168.1.2'
Can you ping the DC from 'nickel', both by IP and name ?
Is winbind actually running ?
Rowland
More information about the samba
mailing list