samba - Jul 2004 - Slowdown due to change in DC lookup from 3.0.1 to 3.0.2a

I am experiencing slowdown due to changes introduced after 3.0.1 to the various 
DC lookup routines. I have it narrowed down but don't know where to go from 
here. First the relevant pieces of the conf:

[global]
    workgroup = COMPANY.COM
    security = server
    log level = "4 auth:6"
    password server = SERVER1 SERVER2
    wins server = 10.0.0.29
    os level = 0
    domain / preferred / local master = no
    dns proxy = no

The logs from 3.0.1 (worked fine):

   [2004/07/15 09:55:43, 4] libsmb/namequery.c:get_dc_list(1350)
     get_dc_list: returning 2 ip addresses in an ordered list
   [2004/07/15 09:55:43, 4] libsmb/namequery.c:get_dc_list(1351)
     get_dc_list: 10.0.0.29:0 10.0.0.28:0
   [2004/07/15 09:55:43, 3] libads/ldap.c:ads_connect(218)
     Connected to LDAP server 10.0.0.29
   [2004/07/15 09:55:43, 3] libads/ldap.c:ads_server_info(1887)
     got ldap server name server1@COMPANY.COM, using bind path:
     dc=COMPANY,dc=COM
   [2004/07/15 09:55:43, 4] libsmb/namequery_dc.c:ads_dc_name(65)
     ads_dc_name: using server='SERVER1' IP=10.0.0.29
   [2004/07/15 09:55:43, 3] libsmb/cliconnect.c:cli_start_connection(1326)
     Connecting to host=SERVER1
   [2004/07/15 09:55:43, 3] lib/util_sock.c:open_socket_out(706)
     Connecting to 10.0.0.29 at port 445
   [2004/07/15 09:55:43, 3] auth/auth.c:check_ntlm_password(219)
     ...

The logs from 3.0.4 (slowdown from 59:31 to 59:39)

   [2004/07/15 09:59:31, 4] libsmb/namequery.c:get_dc_list(1350)
     get_dc_list: returning 2 ip addresses in an ordered list
   [2004/07/15 09:59:31, 4] libsmb/namequery.c:get_dc_list(1351)
     get_dc_list: 10.0.0.29:0 10.0.0.28:0
   [2004/07/15 09:59:39, 3] libsmb/trusts_util.c:enumerate_domain_trusts(149)
     enumerate_domain_trusts: can't locate a DC for domain COMAPNY.COM
   [2004/07/15 09:59:39, 5] auth/auth_util.c:make_user_info(132)
     attempting to make a user_info for  ()
   [2004/07/15 09:59:39, 5] auth/auth_util.c:make_user_info(142)
     making strings for 's user_info struct
   [2004/07/15 09:59:39, 5] auth/auth_util.c:make_user_info(184)
     making blobs for 's user_info struct
   [2004/07/15 09:59:39, 3] auth/auth.c:check_ntlm_password(219)
     ...

Continues on and authenticats against the addresses above and works. The appears
to be happening in libsmb/trust_utils.c enumerate_domain_trusts ():

   if ( !get_dc_name(domain, NULL, dc_name, &dc_ip) ) {
      DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain
%s\n",
               domain));

The function get_dc_name was changed in libsmb/namequery_dc.c (1.5 to 1.6 in 
MAIN) from:

   if ( (our_domain && lp_security()==SEC_ADS) || strchr_m(domain,
'.') ) {
      ret = ads_dc_name(domain, &dc_ip, srv_name);

To:

   if ( (our_domain && lp_security()==SEC_ADS) || realm ) {
      ret = ads_dc_name(domain, realm, &dc_ip, srv_name);

It appears before ads_dc_name () was being called before because the condition 
strchr_m(domain, '.') was passing due to the domain being
'COMPANY.COM' in the conf.

Now it fails because it it is checking either ADS security mode or realm. 
However, realm is set to NULL from the enumerate_domain_trusts call.

So that's where I am at. I don't have the priviledges at the company to
add this
server to the domain, which is why security mode is server. I'd appreciate
any
help or pointers. Thanks a lot,

	- Derek

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derek Holden wrote:

| I am experiencing slowdown due to changes introduced
| after 3.0.1 to the  various DC lookup routines. I have
| it narrowed down but don't know where  to go from here.
| First the relevant pieces of the conf:
|
| [global]
|    workgroup = COMPANY.COM
|    security = server
|    log level = "4 auth:6"
|    password server = SERVER1 SERVER2
|    wins server = 10.0.0.29
|    os level = 0
|    domain / preferred / local master = no
|    dns proxy = no
...

| It appears before ads_dc_name () was being
| alled before because the  condition strchr_m(domain, '.')
| was passing  due to the domain being  'COMPANY.COM' in
| the conf.

This is why the check was considered to be bogus.
having a '.' in a netbios name always ends in tears.
Set workgroup to be the short version of the AD
realm name.  Then the name should resolve via WINS.

| Now it fails because it it is checking either ADS
| security mode or  realm. However, realm is set to NULL
| from the enumerate_domain_trusts call.
|
| So that's where I am at. I don't have the priviledges at
| the company to  add this server to the domain, which is
| why security mode is server. I'd  appreciate any help
| or pointers. Thanks a lot,




cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA/VlnIR7qMdg1EfYRAq37AKDjUmYB6z37pUbWpKXPK+v46jEqbACgtkFv
XnURNQjeDQjILgeU3ljf9co=BmhS
-----END PGP SIGNATURE-----