-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Again,
I have traced some more on the problem.
It is the failing name resolution via netbios that delay the output from
wbinfo -u.
I can see from a trace that failing lookup's are on other DC's in the
domain, which i don't have access to, but they probably don't provide
WINS.
How do i avoid winbind to lookup these DC's, i am not going to use theme
anyway. ?
Regards
//Erik
Erik Holst Trans wrote:
> Hi,
>
> I have set up Samba-3.0.11 to retrive account information from W2k
> server via winbind, and it works.
> But is takes about 10 sec. to retrive the information.
>
> I have dumped some traffic from the request, and it looks like this:
>
> A lot of these:
> 21:21:55.133423 172.20.3.131.1077 > 172.20.3.130.137: NBT UDP
> PACKET(137): QUERY; REQUEST; UNICAST (DF)
> 21:21:55.133842 172.20.3.130.137 > 172.20.3.131.1077: NBT UDP
> PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
> 21:21:55.136553 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:21:55.406642 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:21:55.676634 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
>
> And at the end this.
> 21:22:03.358852 172.20.3.131.1077 > 172.20.3.130.137: NBT UDP
> PACKET(137): QUERY; REQUEST; UNICAST (DF)
> 21:22:03.359260 172.20.3.130.137 > 172.20.3.131.1077: NBT UDP
> PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
> 21:22:03.362375 172.20.3.131.1077 > 172.20.3.130.53: 19551+ A?
> MAIL.ag-electric.ts-gruppen.lokal. (51) (DF)
> 21:22:03.362696 172.20.3.130.53 > 172.20.3.131.1077: 19551 NXDomain*
> 0/1/0 (133)
> 21:22:03.365096 172.20.3.131.1077 > 172.20.3.130.53: 19552+ A? MAIL.
> (22) (DF)
> 21:22:03.365304 172.20.3.130.53 > 172.20.3.131.1077: 19552 ServFail
> 0/0/0 (22)
> 21:22:03.367225 172.20.3.131.1077 > 172.20.100.2.53: 19552+ A? MAIL.
> (22) (DF)
> 21:22:03.393420 172.20.100.2.53 > 172.20.3.131.1077: 19552 ServFail
> 0/0/0 (22)
> 21:22:03.394424 172.20.3.131.1077 > 172.20.100.3.53: 19552+ A? MAIL.
> (22) (DF)
> 21:22:03.417466 172.20.100.3.53 > 172.20.3.131.1077: 19552 ServFail
> 0/0/0 (22)
> 21:22:03.418430 172.20.3.131.1077 > 172.20.3.130.53: 19552+ A? MAIL.
> (22) (DF)
> 21:22:03.418693 172.20.3.130.53 > 172.20.3.131.1077: 19552 ServFail
> 0/0/0 (22)
> 21:22:03.420718 172.20.3.131.1077 > 172.20.100.2.53: 19552+ A? MAIL.
> (22) (DF)
> 21:22:03.453146 172.20.100.2.53 > 172.20.3.131.1077: 19552 ServFail
> 0/0/0 (22)
> 21:22:03.454160 172.20.3.131.1077 > 172.20.100.3.53: 19552+ A? MAIL.
> (22) (DF)
> 21:22:03.475636 172.20.100.3.53 > 172.20.3.131.1077: 19552 ServFail
> 0/0/0 (22)
> 21:22:03.477011 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:22:03.543035 172.20.3.130.445 > 172.20.3.131.1195: .
> 896738190:896738191(1) ack 2114075428 win 65353 (DF)
> 21:22:03.543236 172.20.3.131.1195 > 172.20.3.130.445: . ack 1 win
> 14076 <nop,nop,sack sack 1 {0:1} > (DF)
> 21:22:03.746618 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:22:04.016733 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:22:04.288070 172.20.3.131.1077 > 172.20.3.130.137: NBT UDP
> PACKET(137): QUERY; REQUEST; UNICAST (DF)
> 21:22:04.288503 172.20.3.130.137 > 172.20.3.131.1077: NBT UDP
> PACKET(137): QUERY; NEGATIVE; RESPONSE; UNICAST
> 21:22:04.289752 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:22:04.556624 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:22:04.826634 172.20.3.131.1077 > 172.20.3.255.137: NBT UDP
> PACKET(137): QUERY; REQUEST; BROADCAST (DF)
> 21:22:05.098145 172.20.3.131.1200 > 172.20.3.130.389: S
> 2238976557:2238976557(0) win 5840 <mss 1460,nop,nop,sackOK,nop,wscale
> 0> (DF)
> 21:22:05.098373 172.20.3.130.389 > 172.20.3.131.1200: S
> 925400727:925400727(0) ack 2238976558 win 65535 <mss 1460,nop,wscale
> 0,nop,nop,sackOK> (DF)
> 21:22:05.098655 172.20.3.131.1200 > 172.20.3.130.389: . ack 1 win 5840
> (DF)
> 21:22:05.101294 172.20.3.131.1077 > 172.20.3.130.53: 19553+ PTR?
> 130.3.20.172.in-addr.arpa. (43) (DF)
> 21:22:05.101577 172.20.3.130.53 > 172.20.3.131.1077: 19553* 1/0/0 (97)
> 21:22:05.104163 172.20.3.131.1200 > 172.20.3.130.389: P 1:61(60) ack 1
> win 5840 (DF)
> 21:22:05.104565 172.20.3.130.389 > 172.20.3.131.1200: P 1:87(86) ack
> 61 win 65475 (DF)
> 21:22:05.104857 172.20.3.131.1200 > 172.20.3.130.389: . ack 87 win
> 5840 (DF)
> 21:22:05.107316 172.20.3.131.1200 > 172.20.3.130.389: P 61:68(7) ack
> 87 win 5840 (DF)
> 21:22:05.107594 172.20.3.130.389 > 172.20.3.131.1200: F 87:87(0) ack
> 68 win 65468 (DF)
> 21:22:05.107907 172.20.3.131.1200 > 172.20.3.130.389: F 68:68(0) ack
> 88 win 5840 (DF)
> 21:22:05.108047 172.20.3.130.389 > 172.20.3.131.1200: . ack 69 win
> 65468 (DF)
> 21:22:11.745590 172.20.3.130.445 > 172.20.3.131.1196: .
> 896798331:896798332(1) ack 2106587559 win 64837 (DF)
> 21:22:11.745880 172.20.3.131.1196 > 172.20.3.130.445: . ack 1 win
> 17152 <nop,nop,sack sack 1 {0:1} > (DF)
>
>
> Seem like some sort of name-resolution problem, but i have no idea
> about what is missing.
> I also have no clue about the DNS lookup of MAIL comes from, there is
> none and never has been ?
>
> Anyone a hint ?
>
> Regards
> //Erik
>
> Here is my smb.conf
>
> [global]
>
> # Optimum Samba performance settings
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> loglevel = 1
>
> # NT workgroup settings
> workgroup = AG-ELECTRIC
> server string = Samba Server
>
> # WINS & network browsing settings
> # All functions disabled apart from using a WINS server for
> lookups.
> local master = no
> domain master = no
> preferred master = no
> wins support = no
> wins server = 172.20.3.130
> dns proxy = yes
>
> security = DOMAIN
> encrypt passwords = Yes
> password server = *
> #password server = AG-W2K-SRV1
> #password server = 172.20.3.130
>
> # Enable Winbind for AD and local account synchronisation
> winbind separator = +
>
> winbind use default domain = yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 15
>
> # Defaults for local accounts created by Winbind
> template homedir = /home/%U
> template shell = /bin/nologin
>
> # Logging settings
> log file = /var/log/samba/%m.log
> max log size = 5000
>
> # Printer sharing
> printcap name = /etc/printcap
> load printers = no
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCSH+/pnjBy39MSwURAhi1AKCrN4NIDKJKlltkt5uBB2gPGLVlrgCeI+5O
+/S6s6NTwLbk5Iq4XYvgjSs=bXRc
-----END PGP SIGNATURE-----