Dave Lund
2012-Feb-06 20:25 UTC
[Samba] BDC constantly rebinds to master ldap server causing browsing delay
Hello,
I seem to be having an issue where one of my BDC servers constantly needs
to rebind to the "master" ldap server (ldap1.ae-solutions.com).
Whenever
this happens I see several entries in the log like this:
"smbldap_search_ext: waiting 928 milliseconds for LDAP replication."
It appears to cause delay when browsing samba shares whenever this
happens. The master ldap server is at a different WAN site, this BDC does
have a local slave ldap server (ldap1.mpls.ae-solutions.com) that it
should be using instead. Everything was working correctly before, it
seems to have started after the last yum update I did on this server.
Server Info:
CentOS 5.7 x64
samba3x-3.5.4-0.83.el5_7.2 (updated from samba3x-3.5.4-0.70.el5_6.1)
Here is a snippet of the output of "pdbedit -v username"
--------------------------------------------------------------------------
-------------------------------------
winbind failed to find a gid for sid
S-1-5-21-112718084-1284083569-2990761952-5055
lookup_global_sam_rid: looking up RID 5055.
smbldap_search_ext: base => [dc=ae-solutions,dc=com], filter =>
[(&(sambaSID=S-1-5-21-112718084-1284083569-2990761952-5055)(objectclass=sa
mbaSamAccount))], scope => [2]
smbldap_search_ext: waiting 921 milliseconds for LDAP replication.
smbldap_search_ext: go on!
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-112718084-1284083569-2990761952-5055] count=0
smbldap_search_ext: base => [dc=ae-solutions,dc=com], filter =>
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-112718084-1284083569-
2990761952-5055))], scope => [2]
init_group_from_ldap: Entry found for group: 2027
LEGACY: sid S-1-5-21-112718084-1284083569-2990761952-5055 -> gid 2027
pdb_set_group_sid: setting group sid
S-1-5-21-112718084-1284083569-2990761952-5055
Cache entry with key = ACCT_POL/minimum password age couldn't be found
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=AEI,dc=ae-solutions,dc=com],
filter => [(objectClass=sambaDomain)], scope => [0]
ldapsam_get_account_policy: failed to retrieve from ldap
ldapsam_set_account_policy_in_ldap
smbldap_modify: dn => [sambaDomainName=AEI,dc=ae-solutions,dc=com]
rebindproc_connect_with_state: Rebinding to
ldap://ldap1.ae-solutions.com/sambaDomainName=AEI,dc=ae-solutions,dc=com
as "cn=Manager,dc=ae-solutions,dc=com"
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
Failed to modify dn: sambaDomainName=AEI,dc=ae-solutions,dc=com, error: 17
(Undefined attribute type) (sambaMinPwdAge: attribute type undefined)
Cache entry with key = ACCT_POL/maximum password age couldn't be found
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=AEI,dc=ae-solutions,dc=com],
filter => [(objectClass=sambaDomain)], scope => [0]
smbldap_search_ext: waiting 928 milliseconds for LDAP replication.
smbldap_search_ext: go on!
ldapsam_get_account_policy: failed to retrieve from ldap
ldapsam_set_account_policy_in_ldap
smbldap_modify: dn => [sambaDomainName=AEI,dc=ae-solutions,dc=com]
rebindproc_connect_with_state: Rebinding to
ldap://ldap1.ae-solutions.com/sambaDomainName=AEI,dc=ae-solutions,dc=com
as "cn=Manager,dc=ae-solutions,dc=com"
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
Failed to modify dn: sambaDomainName=AEI,dc=ae-solutions,dc=com, error: 17
(Undefined attribute type) (sambaMaxPwdAge: attribute type undefined)
Here's the global section of smb.conf on this server:
[global]
workgroup = AEI
server string =
passdb backend = ldapsam:ldap://ldap1.mpls.ae-solutions.com
log level = 10
log file = /var/log/samba/log.%m
printcap name = /etc/printcap
add user script = /usr/sbin/smbldap-useradd -m '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
'%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = %U.bat
logon path =
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 34
preferred master = Auto
domain master = No
dns proxy = No
wins server = 10.2.0.2
ldap admin dn = cn=Manager,dc=ae-solutions,dc=com
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=ae-solutions,dc=com
ldap ssl = no
ldap user suffix = ou=People
invalid users = daemon, sys, adm, lp, smtp, uucp, nuucp, listen,
noaccess, nobody4
If more info is needed please let me know.
Thanks,
Dave L.
Possibly Parallel Threads
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
- password changing errors
- Ubuntu server 14.04 classic upgrade segmentation fault
- Can't get ldap passwd sync = only to send password request to ldap server
- pdbedit dosen't send the sambaSID to the ldap
Wisdom of the Ancients
