Dear List,
I have CentOS 5.5 64bit (fully updated) , Samba3 3.5.5-43.el5 (SerNET
Samba) , openldap-2.3.43-12.el5_5.2 , nss_ldap-253-25.el5 .
My Problem is , If I login to the domain and run a program from the Samba3
Server it's slow , if I login from this same machine but this time to the
local account, and then I go to the Samba3 server specify domain admin
password when asked for it(only once,when accessing the desired share)
and run the same program I'm 2-3x times faster. I've googled a bit, and
found another guy was having speed problems when runing programs on a Samba3
server with ldap backend. But I must admit I'm no Openldap expert, if you
can please take a look at my config and tell me what is wrong with it, it's
probably the ldap part... what I did try sofar stoped openldap , and did a
slapindex, and started it again but no help.
Bellow are my config files :
/etc/samba/smb.conf
[global]
use sendfile = yes
read raw = yes
write raw = yes
#max xmit = 65535
dead time = 30
getwd cache = yes
lock spin time = 200
workgroup = CAPRIOLOBIKE
netbios name = PDC-SERVER
server string = cfile-server
log file = /var/log/samba/log.%m
max log size = 50
security = user
encrypt passwords = yes
# Added by moquist
obey pam restrictions = No
ldap passwd sync = Yes
time server = Yes
unix password sync = no
# Added by moquist
log level = 1
syslog = 0
mangling method = hash2
dos charset = 850
unix charset = ISO8859-1
passwd program = /usr/sbin/smbldap-passwd -u %u
username map = /etc/samba/smbusers
interfaces = bond0
local master = yes
os level = 200
domain master = yes
preferred master = yes
domain logons = yes
logon script = scripts\%m.bat
# Added by moquist
logon drive = X:
logon home = \\%L\home\%U
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=capriolobike,dc=com
ldap suffix = dc=capriolobike,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = off
ldap delete dn = Yes
# use the smbldap-tools scripts
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
logon path
wins support = yes
#dns proxy = yes
name resolve order = wins bcast hosts
#veto oplock files = /*.doc/*.xls/*.mdb/
#============================ Share Definitions
=============================idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[IPC$]
path = /tmp
browsable = No
[homes]
comment = Home Directories
valid users = %S
browseable = No
writable = yes
create mask = 0600
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = No
create mode = 0600
directory mode = 0700
[backup1]
comment = Private Backup 1
path = /share
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
valid users = denes
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[storage3]
comment = Public Storage 3
path = /share5
read only = No
create mask = 0777
directory mode = 0777
force create mode = 077
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[storage2]
comment = Public Storage 2
path = /share2
read only = No
create mask = 0777
directory mask = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[storage]
comment = Public Storage
path = /share3
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[novosti]
comment = Novosti
path = /share4
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[drivers1]
comment = Drivers 1
path = /drivers1
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[drivers2]
comment = Drivers 2
path = /drivers2
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[drivers3]
comment = Drivers 3
path = /drivers3
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
[K]
path = /app_capri
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = true
level2 oplocks = true
[T]
path = /app_kripton
read only = No
create mask = 0777
directory mask = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = true
level2 oplocks = true
[Q]
path = /backuppc/WINGS
read only = No
create mask = 0777
directory mask = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = true
level2 oplocks = true
/etc/openldap/ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01
kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
HOST 127.0.0.1
BASE dc=capriolobike,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
/etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01
kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
HOST 127.0.0.1
BASE dc=capriolobike,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
[root at pdc-server openldap]# cat slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24
23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/slapd.pid
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=capriolobike,dc=com"
rootdn "cn=Manager,dc=capriolobike,dc=com"
rootpw my_secret_code
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
/etc/ldap.conf
host 127.0.0.1
base dc=capriolobike,dc=com
rootbinddn cn=nssldap,ou=DSA,dc=capriolobike,dc=com
timelimit 30
bind_timelimit 30
ssl no
pam_password md5
tls_cacertdir /etc/openldap/cacerts
bind_policy soft
nss_initgroups_ignoreusers ldap
/var/lib/ldap/DB_CONFIG
# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/12/18 11:51:46
ghenry Exp $
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See the Oracle Berkeley DB documentation
#
<http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_co
nfig.html>
# for detail description of DB_CONFIG syntax and semantics.
#
# Hints can also be found in the OpenLDAP Software FAQ
# <http://www.openldap.org/faq/index.cgi?file=2>
# in particular:
# <http://www.openldap.org/faq/index.cgi?file=1075>
# Note: most DB_CONFIG settings will take effect only upon rebuilding
# the DB environment.
# one 0.25 GB cache
set_cachesize 0 268435456 1
# Data Directory
#set_data_dir db
# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs
# Note: special DB_CONFIG flags are no longer needed for "quick"
# slapadd(8) or slapindex(8) access (see their -q option).
Sincerely
Robert Becskei
