samba - Jan 2015 - debian wheezy 4.1.11 ldap backend / uid/gid resolving

Hi,

i am transitioning from a samba3 to a samba4 installation and while at
it i noticed that on samba4 every file access querys the LDAP (openldap)
backend for uid/gid names.

With samba3 on Debian/Squeeze i dont see this happening. My assumption
was that nscd would cache away those querys which it doesnt on the
samba4 wheeze installation.

[2015/01/09 15:21:46.331508,  3]
../source3/smbd/dir.c:1226(smbd_dirptr_get_entry)
  smbd_dirptr_get_entry mask=[*] found
shared/Software/windows/MC861_Full_CD/Drivers/NOR fname=NOR (NOR)
[2015/01/09 15:21:46.332434,  2]
../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: flo
[2015/01/09 15:21:46.333609,  2]
../source3/passdb/pdb_ldap.c:2311(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1000

Hints?

Flo
-- 
Florian Lohoff                                                 f at zz.de
     We need to self-defense - GnuPG/PGP enable your email today!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20150109/2a968f23/attachment.pgp>

On 09/01/15 15:23, Florian Lohoff wrote:
> Hi,
>
> i am transitioning from a samba3 to a samba4 installation and while at
> it i noticed that on samba4 every file access querys the LDAP (openldap)
> backend for uid/gid names.
>
> With samba3 on Debian/Squeeze i dont see this happening. My assumption
> was that nscd would cache away those querys which it doesnt on the
> samba4 wheeze installation.
>
> [2015/01/09 15:21:46.331508,  3]
../source3/smbd/dir.c:1226(smbd_dirptr_get_entry)
>    smbd_dirptr_get_entry mask=[*] found
shared/Software/windows/MC861_Full_CD/Drivers/NOR fname=NOR (NOR)
> [2015/01/09 15:21:46.332434,  2]
../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
>    init_sam_from_ldap: Entry found for user: flo
> [2015/01/09 15:21:46.333609,  2]
../source3/passdb/pdb_ldap.c:2311(init_group_from_ldap)
>    init_group_from_ldap: Entry found for group: 1000
>
> Hints?
>
> Flo
>
>
Hi, can you post your smb.conf, also did you use the same one on samba3 ?

Rowland

On Fri, Jan 09, 2015 at 03:42:53PM +0000, Rowland Penny
wrote:
> On 09/01/15 15:23, Florian Lohoff wrote:
> >Hi,
> >
> >i am transitioning from a samba3 to a samba4 installation and while at
> >it i noticed that on samba4 every file access querys the LDAP
(openldap)
> >backend for uid/gid names.
> >
> >With samba3 on Debian/Squeeze i dont see this happening. My assumption
> >was that nscd would cache away those querys which it doesnt on the
> >samba4 wheeze installation.
> >
> >[2015/01/09 15:21:46.331508,  3]
../source3/smbd/dir.c:1226(smbd_dirptr_get_entry)
> >   smbd_dirptr_get_entry mask=[*] found
shared/Software/windows/MC861_Full_CD/Drivers/NOR fname=NOR (NOR)
> >[2015/01/09 15:21:46.332434,  2]
../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
> >   init_sam_from_ldap: Entry found for user: flo
> >[2015/01/09 15:21:46.333609,  2]
../source3/passdb/pdb_ldap.c:2311(init_group_from_ldap)
> >   init_group_from_ldap: Entry found for group: 1000
> 
> Hi, can you post your smb.conf, also did you use the same one on samba3 ?
Nope - fresh installation

[global]
   workgroup = VC
   netbios name = VC
   dns proxy = no
   log level = 3 passdb:5 auth:10 winbind:5
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = ldapsam:"ldap://gtso1-srv5.net.domain.de"
	ldap admin dn = cn=samba,ou=apps,dc=domain,dc=de
	ldap ssl = start tls
	ldap suffix = dc=domain,dc=de
        ldap group suffix = ou=posixgroups
        ldap user suffix = ou=staff
        ldap machine suffix = ou=machines
	ldap idmap suffix = ou=idmap

	add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
   unix password sync = no
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   follow symlinks = yes
   wide links = yes
   unix extensions = no

[homes]
        path = /data/samba/homes/%u
        root preexec = /usr/local/sbin/samba-checkuserhome %u %H
        guest ok = No
        browseable = Yes
        create mask = 0664
        directory mask = 0775
        writeable = yes
        hide unreadable = yes

-- 
Florian Lohoff                                                 f at zz.de
     We need to self-defense - GnuPG/PGP enable your email today!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20150109/b79ef031/attachment.pgp>