Your ISA server is searching for USER1 on the LDAP server.
Did you migrate all users?
You should try:
# ldapsearch -x -W -D 'cn=admin,dc=test,dc=fr' uid=USER1
or
# ldapsearch -x -W -D 'cn=admin,dc=test,dc=fr' > all.ldif
It will make a text file with all information about your LDAP db,
where cn=admin,dc=test,dc=fr is your admin user in the LDAP system (look at
slapd.conf) (binddn).
On request, give your LDAP bind password.
On Thu, 2004-07-29 at 15:30, Julien Bordet wrote:
> Hi everybody,
>
> I have a Samba 3.0.4 PDC configured on my network. Previously, there was a
> Windows NT 4 PDC, that was migrated to my Samba / OpenLDAP configuration.
>
> Everything is working fine, except our ISA Server.
>
> Indeed, ISA Server was previously configured to let users that belong to
> the "Internet Access" group to surf. During the migration phase, we
> did not change anything.
>
> Now it works, but very very slowly, and by far slower than before the
> migration.
>
> Tracing the network data between the ISA server and the Samba Server, and
> having a look at the openLDAP log file makes me think that ISA Server tries to
> authenticate the user for each request, and not once per session. Indeed, I've
> got much network traffic, lots of LDAP requests like that:
>
> Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
>
> and much load on the server, because of slapd processes. If I turn off ISA
> server, everything is OK and normal.
>
> So is NTLM authentication different in Samba than in Windows NT PDC? What
> would you advise me?
>
> Many thanks
>
> Julien
>
> ------------------------------------------------------
> My smb.conf file :
>
>
> [Global]
> workgroup = RUEIL1
> netbios name = LDAP
> server string = SAMBA-LDAP PDC
> username map = /etc/samba/smbusers
> encrypt passwords = yes
> interfaces = 172.16.0.115/16
> domain logons = Yes
> os level = 65
> domain master = Yes
> local master = Yes
> preferred master = Yes
> security = user
> wins support = Yes
> name resolve order = wins bcast lmhosts host
> admin users = install administrateur
> passdb backend = ldapsam:ldap://localhost
> ldap admin dn = "cn=samba,ou=DSA,dc=mairie-rueilmalmaison,dc=fr"
> ldap ssl = off
> ldap delete dn = yes
> ldap user suffix = ou=Utilisateurs
> ldap group suffix = ou=Groupes
> ldap machine suffix = ou=Machines
> ldap suffix = dc=mairie-rueilmalmaison,dc=fr
> ldap idmap suffix = ou=Utilisateurs
> ldap passwd sync = yes
> Dos charset = 850
> Unix charset = ISO8859-1
> log level = 1
> #log level = 3
> log file = /var/log/samba/%m.log
> max log size = 100000
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE IPTOS_LOWDELAY
> logon script = logon.bat
> logon drive = H:
> logon home
> logon path
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> #delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> [homes]
> comment = Répertoires utilisateurs
> valid users = %U
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
> [netlogon]
> path = /var/lib/samba/netlogon
> browseable = No
> read only = Yes
_______________________
Umberto Zanatta
linuxDidattica
tel: +39 (335) 54 71 385
email: umberto.z@tin.it
web: http://linuxdidattica.org
_______________________
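One way to measure the per-request lookup pattern described in the thread is to count sambaSamAccount searches per user per minute in the slapd log. This is an added example, not part of the original messages; the sample log lines are constructed in the format quoted above, and the function names and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the slapd syslog format quoted in the thread.
SAMPLE_LOG = """\
Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2222 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 29 15:22:36 ldap slapd[25440]: conn=2 op=2223 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:22:37 ldap slapd[25440]: conn=2 op=2224 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:22:40 ldap slapd[25440]: conn=2 op=2225 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER2)(objectClass=sambaSamAccount))"
Jul 29 15:22:41 ldap slapd[25440]: conn=2 op=2226 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
Jul 29 15:23:01 ldap slapd[25440]: conn=2 op=2227 SRCH base="dc=test,dc=fr" scope=2 filter="(&(uid=USER1)(objectClass=sambaSamAccount))"
"""

# Timestamp is captured to minute resolution so that lookups bucket per minute.
SRCH_RE = re.compile(
    r'^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+slapd\[\d+\]:\s+'
    r'conn=\d+\s+op=\d+\s+SRCH\s+.*filter="(?P<filter>[^"]*)"'
)
UID_RE = re.compile(r'\(uid=([^)]*)\)')


def searches_per_minute(log_text):
    """Count Samba account lookups per (minute, uid) in slapd log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SRCH_RE.match(line)
        # Skip result lines, binds, and searches that are not account lookups.
        if not m or 'objectClass=sambaSamAccount' not in m['filter']:
            continue
        uid = UID_RE.search(m['filter'])
        if uid:
            counts[(m['minute'], uid.group(1))] += 1
    return counts


def noisy_accounts(log_text, threshold):
    """Return (minute, uid) pairs looked up at least `threshold` times."""
    counts = searches_per_minute(log_text)
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for (minute, uid), n in sorted(searches_per_minute(SAMPLE_LOG).items()):
        print(f"{minute}  {uid:<10} {n} lookups")
    print("over threshold:", noisy_accounts(SAMPLE_LOG, threshold=3))
```

Comparing the per-minute counts with the ISA server enabled and disabled shows whether the proxy is the source of the repeated lookups.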