[Samba] DC: LDAP query slowness when a DC in the domain is down.
Marco Gaiarin
gaio at lilliput.linux.it
Fri Jun 17 15:35:49 UTC 2022
Hello! Jonathon Reinhart via samba
On that day it was said...
> I would take a pcap on the client and/or run your ldbsearch under strace to
> see where the delays are coming from.
Good hint!
> My guess is DNS, because It's Always DNS.
;-)
OK, removed some firewall rules effectively preventing DCs from
communicating (was the error I've triggered some weeks ago).
root@vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H ldap://vdcsv1.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=donatella.billuz))' unixHomeDirectory
# record 1
[...]
# returned 4 records
# 1 entries
# 3 referrals
real 2m10,488s
user 0m0,600s
sys 0m0,024s
Ok, doing strace:
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 8
connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
poll([{fd=8, events=POLLOUT}], 1, 0) = 1 ([{fd=8, revents=POLLOUT}])
sendmmsg(8, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=",\21\1\0\0\1\0\0\0\0\0\1\7vdctms1\2ad\3fvg\3lnf\2"..., iov_len=50}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_SYN|MSG_ERRQUEUE|MSG_MORE|MSG_FASTOPEN|0x4a0000}, msg_len=50}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="$\207\1\0\0\1\0\0\0\0\0\1\7vdctms1\2ad\3fvg\3lnf\2"..., iov_len=50}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_DONTWAIT|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_ERRQUEUE|MSG_BATCH|MSG_CMSG_CLOEXEC|0x16420000}, msg_len=50}], 2, MSG_NOSIGNAL) = 2
poll([{fd=8, events=POLLIN}], 1, 1000) = 1 ([{fd=8, revents=POLLIN}])
ioctl(8, FIONREAD, [104]) = 0
recvfrom(8, "$\207\201\200\0\1\0\0\0\1\0\1\7vdctms1\2ad\3fvg\3lnf\2"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 104
poll([{fd=8, events=POLLIN}], 1, 998) = 1 ([{fd=8, revents=POLLIN}])
ioctl(8, FIONREAD, [324]) = 0
recvfrom(8, ",\21\201\200\0\1\0\1\0\6\0\7\7vdctms1\2ad\3fvg\3lnf\2"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 324
close(8) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 8
fcntl(8, F_GETFD) = 0
fcntl(8, F_SETFD, FD_CLOEXEC) = 0
fcntl(8, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(8, {sa_family=AF_INET, sin_port=htons(88), sin_addr=inet_addr("10.99.25.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
getpid() = 2284
epoll_ctl(7, EPOLL_CTL_ADD, 8, {EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=772387904, u64=94511527736384}}) = 0
getpid() = 2284
epoll_wait(7, [], 1, 30000) = 0
getpid() = 2284
epoll_wait(7, [], 1, 30000) = 0
getpid() = 2284
epoll_wait(7, [], 1, 30000) = 0
getpid() = 2284
epoll_wait(7,
ok, '10.99.25.1' is a DC under a 'DROP' firewall condition, but still I
don't understand why 'ldbsearch' queries a foreign DNS while having TWO DCs
locally...
In /etc/resolv.conf I have:
# Enable EDNS and reduce timeouts.
options edns0
options timeout:1
options attempts:2
but the timeout exceeded 1 second and two tries.
I seek some help...
--
Nobody expects the Bavarian inquisition!
(Anonymous, 19/4/2005)
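Added example, not part of the original message: a small Python parser that reads strace output like the trace above and totals, per destination, the time spent in epoll_wait calls that timed out while a non-blocking connect() was still pending. The sample trace is constructed (abridged from the lines in the message) and the function name stalled_connects is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the strace lines quoted in the message.
SAMPLE = """\
connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
close(8) = 0
connect(8, {sa_family=AF_INET, sin_port=htons(88), sin_addr=inet_addr("10.99.25.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
epoll_ctl(7, EPOLL_CTL_ADD, 8, {EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=772387904, u64=94511527736384}}) = 0
epoll_wait(7, [], 1, 30000) = 0
epoll_wait(7, [], 1, 30000) = 0
epoll_wait(7, [], 1, 30000) = 0
epoll_wait(7,
"""

CONNECT = re.compile(r'^connect\((\d+), .*htons\((\d+)\).*inet_addr\("([\d.]+)"\)'
                     r'.*= -?\d+(?: (\w+))?')
EPOLL_ADD = re.compile(r"^epoll_ctl\((\d+), EPOLL_CTL_ADD, (\d+),")
EPOLL_TIMEOUT = re.compile(r"^epoll_wait\((\d+), \[\], \d+, (\d+)\) = 0$")
CLOSE = re.compile(r"^close\((\d+)\)")

def stalled_connects(trace):
    """Map (ip, port) -> seconds lost in epoll_wait timeouts while connecting."""
    pending = {}                 # socket fd -> (ip, port), connect in progress
    watched = defaultdict(set)   # epoll fd -> socket fds registered on it
    stalls = defaultdict(float)
    for line in trace.splitlines():
        if m := CONNECT.match(line):
            if m[4] == "EINPROGRESS":
                pending[int(m[1])] = (m[3], int(m[2]))
        elif m := EPOLL_ADD.match(line):
            watched[int(m[1])].add(int(m[2]))
        elif m := EPOLL_TIMEOUT.match(line):
            # "[]" with return 0 means the whole timeout (ms) elapsed idle.
            for fd in watched[int(m[1])]:
                if fd in pending:
                    stalls[pending[fd]] += int(m[2]) / 1000
        elif m := CLOSE.match(line):
            fd = int(m[1])
            pending.pop(fd, None)
            for fds in watched.values():
                fds.discard(fd)
    return dict(stalls)

if __name__ == "__main__":
    for (ip, port), secs in stalled_connects(SAMPLE).items():
        print(f"{ip}:{port} stalled for at least {secs:.0f}s")
```

The total is a lower bound: a final epoll_wait line that strace cut off before its return value, as in the trace above, is not counted.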