thr3ads.net - samba - [Samba] DC: LDAP query slowness when a DC in the domain is down. [Jun 2022]

If this information is useful, please help other people find it:
Share via:

Marco Gaiarin

2022-Jun-06 12:25 UTC

[Samba] DC: LDAP query slowness when a DC in the domain is down.

I come back to this. Setup: Samba AD DC domain with 6 DCs, 4 sites (2 sites
with 2 DC, 2 sites with 1 DC).

If some of the sites/DCs goes down, after some minutes (rougly 20 minutes)
the DCs in the site where there's the DC with the FSMO roles start to
respond very slowly to LDAP query.

For examples, normally:

 root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H
ldap://vdcsv2.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it
'(&(objectClass=user)(sAMAccountName=donatella.billuz))'
unixHomeDirectory
 # record 1
 [...]
 real	0m0,804s
 user	0m0,576s
 sys	0m0,040s

when some DCs/sites are down:

 root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H
ldap://vdcsv2.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it
'(&(objectClass=user)(sAMAccountName=donatella.billuz))'
unixHomeDirectory
 # record 1
 [...]
 real	4m23,010s
 user	0m0,552s
 sys	0m0,052s

Why?! How can i prevent this?


Thanks.

-- 
  Ho ancora la forza di non tirarmi indietro, [...]
  di far la conta degli amici andati e dire ``ci vediam pi? tardi''
							(F. Guccini)

Jonathon Reinhart

2022-Jun-07 01:22 UTC

head link

[Samba] DC: LDAP query slowness when a DC in the domain is down.

I would take a pcap on the client and/or run your ldbsearch under strace to
see where the delays are coming from.

My guess is DNS, because It's Always DNS.

On Mon, Jun 6, 2022, 16:11 Marco Gaiarin via samba <samba at
lists.samba.org>
wrote:
>
> I come back to this. Setup: Samba AD DC domain with 6 DCs, 4 sites (2 sites
> with 2 DC, 2 sites with 1 DC).
>
> If some of the sites/DCs goes down, after some minutes (rougly 20 minutes)
> the DCs in the site where there's the DC with the FSMO roles start to
> respond very slowly to LDAP query.
>
> For examples, normally:
>
>  root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H ldap://
> vdcsv2.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it
> '(&(objectClass=user)(sAMAccountName=donatella.billuz))'
unixHomeDirectory
>  # record 1
>  [...]
>  real   0m0,804s
>  user   0m0,576s
>  sys    0m0,040s
>
> when some DCs/sites are down:
>
>  root at vdmsv1:~# time /usr/bin/ldbsearch --show-binary -H ldap://
> vdcsv2.ad.fvg.lnf.it -P -b DC=ad,DC=fvg,DC=lnf,DC=it
> '(&(objectClass=user)(sAMAccountName=donatella.billuz))'
unixHomeDirectory
>  # record 1
>  [...]
>  real   4m23,010s
>  user   0m0,552s
>  sys    0m0,052s
>
> Why?! How can i prevent this?
>
>
> Thanks.
>
> --
>   Ho ancora la forza di non tirarmi indietro, [...]
>   di far la conta degli amici andati e dire ``ci vediam pi? tardi''
>                                                         (F. Guccini)
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

samba - Jun 2022 - DC: LDAP query slowness when a DC in the domain is down.

[Samba] DC: LDAP query slowness when a DC in the domain is down.

[Samba] DC: LDAP query slowness when a DC in the domain is down.