[Samba] DC: LDAP query slowness when a DC in the domain is down.

Marco Gaiarin gaio at lilliput.linux.it
Fri Jun 17 15:35:49 UTC 2022


Mandi! Jonathon Reinhart via samba
  In chel di` si favelave...

> I would take a pcap on the client and/or run your ldbsearch under strace to
> see where the delays are coming from.

Good hint!


> My guess is DNS, because It's Always DNS.

;-)


OK, I removed some firewall rules that were effectively preventing the DCs
from communicating (that was the error I triggered some weeks ago).

 root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H ldap://vdcsv1.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=donatella.billuz))' unixHomeDirectory
 # record 1
 [...]
 # returned 4 records
 # 1 entries
 # 3 referrals

 real	2m10,488s
 user	0m0,600s
 sys	0m0,024s

Ok, doing strace:

 stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
 socket(AF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 8
 connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
 poll([{fd=8, events=POLLOUT}], 1, 0)    = 1 ([{fd=8, revents=POLLOUT}])
 sendmmsg(8, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=",\21\1\0\0\1\0\0\0\0\0\1\7vdctms1\2ad\3fvg\3lnf\2"..., iov_len=50}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTWAIT|MSG_SYN|MSG_ERRQUEUE|MSG_MORE|MSG_FASTOPEN|0x4a0000}, msg_len=50}, {msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="$\207\1\0\0\1\0\0\0\0\0\1\7vdctms1\2ad\3fvg\3lnf\2"..., iov_len=50}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_DONTWAIT|MSG_FIN|MSG_SYN|MSG_CONFIRM|MSG_ERRQUEUE|MSG_BATCH|MSG_CMSG_CLOEXEC|0x16420000}, msg_len=50}], 2, MSG_NOSIGNAL) = 2
 poll([{fd=8, events=POLLIN}], 1, 1000)  = 1 ([{fd=8, revents=POLLIN}])
 ioctl(8, FIONREAD, [104])               = 0
 recvfrom(8, "$\207\201\200\0\1\0\0\0\1\0\1\7vdctms1\2ad\3fvg\3lnf\2"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 104
 poll([{fd=8, events=POLLIN}], 1, 998)   = 1 ([{fd=8, revents=POLLIN}])
 ioctl(8, FIONREAD, [324])               = 0
 recvfrom(8, ",\21\201\200\0\1\0\1\0\6\0\7\7vdctms1\2ad\3fvg\3lnf\2"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [28->16]) = 324
 close(8)                                = 0
 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 8
 fcntl(8, F_GETFD)                       = 0
 fcntl(8, F_SETFD, FD_CLOEXEC)           = 0
 fcntl(8, F_GETFL)                       = 0x2 (flags O_RDWR)
 fcntl(8, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
 connect(8, {sa_family=AF_INET, sin_port=htons(88), sin_addr=inet_addr("10.99.25.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
 getpid()                                = 2284
 epoll_ctl(7, EPOLL_CTL_ADD, 8, {EPOLLIN|EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=772387904, u64=94511527736384}}) = 0
 getpid()                                = 2284
 epoll_wait(7, [], 1, 30000)             = 0
 getpid()                                = 2284
 epoll_wait(7, [], 1, 30000)             = 0
 getpid()                                = 2284
 epoll_wait(7, [], 1, 30000)             = 0
 getpid()                                = 2284
 epoll_wait(7, 

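OK, '10.99.25.1' is a DC behind a firewall 'DROP' rule, but I still
don't understand why 'ldbsearch' queries a foreign DNS while having TWO DCs
locally...

[Note: in the trace above, the DNS lookup to 127.0.0.1 port 53 is answered
immediately. The stall is the TCP connect to port 88 (Kerberos) on
10.99.25.1, where each epoll_wait runs out its 30000 ms timeout. Because the
firewall drops the packets rather than rejecting them, the client gets no
error and can only wait for the timeout.]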

In /etc/resolv.conf i have:

	# Enable EDNS and reduce timeouts.
	options edns0
	options timeout:1
	options attempts:2

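but the wait exceeded the 1-second timeout and the two attempts.

[Note: these resolv.conf options only govern the DNS resolver; they do not
bound the 30-second waits on the port 88 connect shown in the strace.]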

I seek some help...

-- 
  Nobody expects the Bavarian inquisition!
						(Anonimo, 19/4/2005)




