Derek Holden
2004-Jul-15 15:28 UTC
[Samba] Slowdown due to change in DC lookup from 3.0.1 to 3.0.2a
I am experiencing slowdown due to changes introduced after 3.0.1 to the various DC lookup routines. I have it narrowed down but don't know where to go from here. First the relevant pieces of the conf: [global] workgroup = COMPANY.COM security = server log level = "4 auth:6" password server = SERVER1 SERVER2 wins server = 10.0.0.29 os level = 0 domain / preferred / local master = no dns proxy = no The logs from 3.0.1 (worked fine): [2004/07/15 09:55:43, 4] libsmb/namequery.c:get_dc_list(1350) get_dc_list: returning 2 ip addresses in an ordered list [2004/07/15 09:55:43, 4] libsmb/namequery.c:get_dc_list(1351) get_dc_list: 10.0.0.29:0 10.0.0.28:0 [2004/07/15 09:55:43, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 10.0.0.29 [2004/07/15 09:55:43, 3] libads/ldap.c:ads_server_info(1887) got ldap server name server1@COMPANY.COM, using bind path: dc=COMPANY,dc=COM [2004/07/15 09:55:43, 4] libsmb/namequery_dc.c:ads_dc_name(65) ads_dc_name: using server='SERVER1' IP=10.0.0.29 [2004/07/15 09:55:43, 3] libsmb/cliconnect.c:cli_start_connection(1326) Connecting to host=SERVER1 [2004/07/15 09:55:43, 3] lib/util_sock.c:open_socket_out(706) Connecting to 10.0.0.29 at port 445 [2004/07/15 09:55:43, 3] auth/auth.c:check_ntlm_password(219) ... The logs from 3.0.4 (slowdown from 59:31 to 59:39) [2004/07/15 09:59:31, 4] libsmb/namequery.c:get_dc_list(1350) get_dc_list: returning 2 ip addresses in an ordered list [2004/07/15 09:59:31, 4] libsmb/namequery.c:get_dc_list(1351) get_dc_list: 10.0.0.29:0 10.0.0.28:0 [2004/07/15 09:59:39, 3] libsmb/trusts_util.c:enumerate_domain_trusts(149) enumerate_domain_trusts: can't locate a DC for domain COMAPNY.COM [2004/07/15 09:59:39, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for () [2004/07/15 09:59:39, 5] auth/auth_util.c:make_user_info(142) making strings for 's user_info struct [2004/07/15 09:59:39, 5] auth/auth_util.c:make_user_info(184) making blobs for 's user_info struct [2004/07/15 09:59:39, 3] auth/auth.c:check_ntlm_password(219) ... Continues on and authenticats against the addresses above and works. The appears to be happening in libsmb/trust_utils.c enumerate_domain_trusts (): if ( !get_dc_name(domain, NULL, dc_name, &dc_ip) ) { DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n", domain)); The function get_dc_name was changed in libsmb/namequery_dc.c (1.5 to 1.6 in MAIN) from: if ( (our_domain && lp_security()==SEC_ADS) || strchr_m(domain, '.') ) { ret = ads_dc_name(domain, &dc_ip, srv_name); To: if ( (our_domain && lp_security()==SEC_ADS) || realm ) { ret = ads_dc_name(domain, realm, &dc_ip, srv_name); It appears before ads_dc_name () was being called before because the condition strchr_m(domain, '.') was passing due to the domain being 'COMPANY.COM' in the conf. Now it fails because it it is checking either ADS security mode or realm. However, realm is set to NULL from the enumerate_domain_trusts call. So that's where I am at. I don't have the priviledges at the company to add this server to the domain, which is why security mode is server. I'd appreciate any help or pointers. Thanks a lot, - Derek
Gerald (Jerry) Carter
2004-Jul-20 17:42 UTC
[Samba] Slowdown due to change in DC lookup from 3.0.1 to 3.0.2a
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek Holden wrote: | I am experiencing slowdown due to changes introduced | after 3.0.1 to the various DC lookup routines. I have | it narrowed down but don't know where to go from here. | First the relevant pieces of the conf: | | [global] | workgroup = COMPANY.COM | security = server | log level = "4 auth:6" | password server = SERVER1 SERVER2 | wins server = 10.0.0.29 | os level = 0 | domain / preferred / local master = no | dns proxy = no ... | It appears before ads_dc_name () was being | alled before because the condition strchr_m(domain, '.') | was passing due to the domain being 'COMPANY.COM' in | the conf. This is why the check was considered to be bogus. having a '.' in a netbios name always ends in tears. Set workgroup to be the short version of the AD realm name. Then the name should resolve via WINS. | Now it fails because it it is checking either ADS | security mode or realm. However, realm is set to NULL | from the enumerate_domain_trusts call. | | So that's where I am at. I don't have the priviledges at | the company to add this server to the domain, which is | why security mode is server. I'd appreciate any help | or pointers. Thanks a lot, cheers, jerry - ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." ----------- Sting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/VlnIR7qMdg1EfYRAq37AKDjUmYB6z37pUbWpKXPK+v46jEqbACgtkFv XnURNQjeDQjILgeU3ljf9co=BmhS -----END PGP SIGNATURE-----