Environment
Novell Open Enterprise Server (OES)
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (Linux based)
Situation
Samba slow to load
Authentication is slow and may hit a timeout value causing the authentication to fail. If the authentication is tried again it may work.
Authentication is slow and may hit a timeout value causing the authentication to fail. If the authentication is tried again it may work.
Resolution
1) In the smb.conf file point the passdb backend attribute to a server that has all replicas.
This line shows an smb.conf file pointing to an OES server with all replicas in the tree.
(The IP address is shown with x's instead of a real IP address.)
passdb backend = NDS_ldapsam:ldaps://xxx.xxx.xxx.xxx:636
2) Index Samba objects in DS
- Login to iManager on the replica server that the smb.conf file is pointing to
- Select eDirectory Miantenance
- Select Indexes
- Select this replica servers ncp server object
- Create an index for any of these that do not already exist in the list:
sambaSID
object class
sambaSIDList
gidNumber
- You can create a new index for any of these four attributes by:
- Selecting the Create button which brings up the Add Index dialog
- Type a name in the Name field. It can be the same as the attribute name
- Select the matching attribute name from the drop down list
- Set the rule to "Value"
- Click the "OK" button
After selecting the ok button you will be taken back to the list of indexes. The new one will be in a Pending state. When it changes to online the index is finished.
This line shows an smb.conf file pointing to an OES server with all replicas in the tree.
(The IP address is shown with x's instead of a real IP address.)
passdb backend = NDS_ldapsam:ldaps://xxx.xxx.xxx.xxx:636
2) Index Samba objects in DS
- Login to iManager on the replica server that the smb.conf file is pointing to
- Select eDirectory Miantenance
- Select Indexes
- Select this replica servers ncp server object
- Create an index for any of these that do not already exist in the list:
sambaSID
object class
sambaSIDList
gidNumber
- You can create a new index for any of these four attributes by:
- Selecting the Create button which brings up the Add Index dialog
- Type a name in the Name field. It can be the same as the attribute name
- Select the matching attribute name from the drop down list
- Set the rule to "Value"
- Click the "OK" button
After selecting the ok button you will be taken back to the list of indexes. The new one will be in a Pending state. When it changes to online the index is finished.
Additional Information
The problem can be seen in an LDAP trace. Notice the time at the beginning of a search and the time when the result is sent. This one takes nearly ten seconds.
[2008/04/04 14:51:02.571] Search request:
base: "o=org"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaGroupMapping)(gidNumber=612))"
attribute: "gidNumber"
attribute: "sambaSID"
attribute: "sambaGroupType"
attribute: "sambaSIDList"
attribute: "description"
attribute: "displayName"
attribute: "cn"
attribute: "objectClass"
[2008/04/04 14:51:12.363] Sending operation result 0:"":"" to connection 0xd579d80
...
If the searches take too long you will see something like this:
[2008/04/04 14:59:00.802] Forcing abandon on operation 0x1:0x60 on connection 0xd579d80
[2008/04/04 14:59:00.802] Preempting operation 0x0:0x0 on connection 0xd579d80 before processing because connection is closing
[2008/04/04 14:49:00.802] Connection 0xd579d80 closed
The samba client has reached it's timeout and closed the connection and the authentication failed.
[2008/04/04 14:51:02.571] Search request:
base: "o=org"
scope:2 dereference:0 sizelimit:0 timelimit:15 attrsonly:0
filter: "(&(objectClass=sambaGroupMapping)(gidNumber=612))"
attribute: "gidNumber"
attribute: "sambaSID"
attribute: "sambaGroupType"
attribute: "sambaSIDList"
attribute: "description"
attribute: "displayName"
attribute: "cn"
attribute: "objectClass"
[2008/04/04 14:51:12.363] Sending operation result 0:"":"" to connection 0xd579d80
...
If the searches take too long you will see something like this:
[2008/04/04 14:59:00.802] Forcing abandon on operation 0x1:0x60 on connection 0xd579d80
[2008/04/04 14:59:00.802] Preempting operation 0x0:0x0 on connection 0xd579d80 before processing because connection is closing
[2008/04/04 14:49:00.802] Connection 0xd579d80 closed
The samba client has reached it's timeout and closed the connection and the authentication failed.