[Samba] DC: LDAP query slowness when a DC in the domain is down.
Jonathon Reinhart
jonathon.reinhart at gmail.com
Tue Jun 7 01:22:35 UTC 2022
I would take a pcap on the client and/or run your ldbsearch under strace to
see where the delays are coming from.
My guess is DNS, because It's Always DNS.
On Mon, Jun 6, 2022, 16:11 Marco Gaiarin via samba <samba at lists.samba.org>
wrote:
>
> I come back to this. Setup: Samba AD DC domain with 6 DCs, 4 sites (2 sites
> with 2 DC, 2 sites with 1 DC).
>
> If some of the sites/DCs goes down, after some minutes (rougly 20 minutes)
> the DCs in the site where there's the DC with the FSMO roles start to
> respond very slowly to LDAP query.
>
> For examples, normally:
>
> root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H ldap://
> vdcsv2.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it
> '(&(objectClass=user)(sAMAccountName=donatella.billuz))' unixHomeDirectory
> # record 1
> [...]
> real 0m0,804s
> user 0m0,576s
> sys 0m0,040s
>
> when some DCs/sites are down:
>
> root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H ldap://
> vdcsv2.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it
> '(&(objectClass=user)(sAMAccountName=donatella.billuz))' unixHomeDirectory
> # record 1
> [...]
> real 4m23,010s
> user 0m0,552s
> sys 0m0,052s
>
> Why?! How can i prevent this?
>
>
> Thanks.
>
> --
> Ho ancora la forza di non tirarmi indietro, [...]
> di far la conta degli amici andati e dire ``ci vediam più tardi''
> (F. Guccini)
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list