Jefferson Parreira dos Santos Emerick
2015-Jan-19  18:22 UTC
[Samba] Slow ldap authentication against samba 4
Hi everyone... has anybody experienced any problems with poor performance of ldap authentication against samba 4? I'm trying authentication with 300 users and many users can't log in. Some connections are rejected. I didn't find anything searching on the internet. Any help?

--
Thanks,
Jefferson Parreira dos Santos Emerick

On Mon, Jan 19, 2015 at 1:22 PM, Jefferson Parreira dos Santos Emerick <jeparre at gmail.com> wrote:
> Hi everyone... has anybody experienced any problems with poor
> performance of ldap authentication against samba 4? I'm trying
> authentication with 300 users and many users can't log in. Some connections
> are rejected. I didn't find anything searching on the internet. Any help?

Can the same users authenticate against other devices/services using ldap without issues? What does the log file say?

On 19/01/15 18:22, Jefferson Parreira dos Santos Emerick wrote:
> Hi everyone... has anybody experienced any problems with poor
> performance of ldap authentication against samba 4? I'm trying
> authentication with 300 users and many users can't log in. Some connections
> are rejected. I didn't find anything searching on the internet. Any help?

Hi, are you using samba in 'classic' mode with openldap, or are you referring to the builtin samba ldap when used in AD DC mode?

Could you post your smb.conf?

Rowland

On 19/01/15 19:50, Jefferson Parreira dos Santos Emerick wrote:
> Hi.. so.. I did the classicupgrade from samba3 with success. Users can
> log in as I expected. The problem happens when I try to log many users
> on to samba 4. It is very slow and some users can't log in, and the
> message that I got is: "Can't contact LDAP server". I didn't see
> anything more in samba's logs.
>
> The samba version I'm using is 4.1.14 with bind 9.10.
>
> Here is my conf:
>
> # Global parameters
> [global]
>     workgroup = XXXXXX
>     realm = XXXXXX.XXX.XXX
>     netbios name = XXXXXXXXXX
>     server role = active directory domain controller
>     private dir = /opt/samba/private
>     log level = 2
>     lock directory = /opt/samba
>     state directory = /opt/samba/state
>     cache directory = /opt/samba/cache
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>     idmap_ldb:use rfc2307 = yes
>
>     interfaces = 127.0.0.1 10.1.0.65
>     bind interfaces only = yes
>     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
>     max mux = 1000
>
> [netlogon]
>     path = /opt/samba/state/sysvol/xxxxx.xxx.xx/scripts
>     read only = No
>
> [sysvol]
>     path = /opt/samba/state/sysvol
>     read only = No
>
> I thank you for the help.
>
> Sorry for my English.

Hi, remove the 'socket options' & 'max mux' lines, you shouldn't use the first and you shouldn't need to change the second.

What OS are you using?

I take it your clients are joined to the domain, are they using roaming profiles?

Did you compile samba yourself?

Don't worry about your English, it is a lot better than my Brazilian :-D

Rowland

On 20/01/15 11:07, Jefferson Parreira dos Santos Emerick wrote:
> Good morning, dude.
> I compiled because I already tried to use another package version and it
> didn't work properly.
> Yeah yeah.. about the network, it is very good. Everything is working fine.
>
> I'm just trying a simple bind of many users, or many times with one user,
> and the ldap response is very slow or sometimes it can't log in. The same
> test in OpenLDAP or AD is working fine.
>
> That is the strangest part for me. The same test with an AD that is part
> of the domain works like a charm.

Could you be a bit more precise on how you are binding to the ldap in AD, what are you trying to achieve?

Rowland

On 20/01/15 11:14, Jefferson Parreira dos Santos Emerick wrote:
> Yeah.. I wrote a simple script in python to test it. Here is the script:
>
> import sys
> from threading import Thread
>
> import ldap
>
>
> class LDAPTesteThread(Thread):
>     """One thread performs one simple bind and reports the result."""
>
>     def __init__(self, **kwargs):
>         Thread.__init__(self)
>         self.id = kwargs.get('id')
>         self.host = kwargs.get('host')
>         self.username = kwargs.get('username')
>         self.password = kwargs.get('password')
>         self.timeout = kwargs.get('timeout', None)
>
>     def run(self):
>         try:
>             # ldap.initialize() with a URI replaces the deprecated ldap.open()
>             l = ldap.initialize('ldap://%s:389' % self.host)
>             l.protocol_version = ldap.VERSION3
>             if self.timeout:
>                 l.set_option(ldap.OPT_TIMEOUT, self.timeout)
>             l.simple_bind_s(self.username, self.password)
>             print('%s OK' % self.id)
>         except ldap.LDAPError as e:
>             print('%s FAIL %s' % (self.id, e))
>
>
> # arguments: HOST USERNAME PASSWORD COUNT [TIMEOUT]
> for i in range(int(sys.argv[4])):
>     timeout = None
>     if len(sys.argv) > 5:
>         timeout = int(sys.argv[5])
>     # start COUNT threads at once, one simple bind each
>     LDAPTesteThread(
>         id=i, host=sys.argv[1], username=sys.argv[2],
>         password=sys.argv[3], timeout=timeout).start()

Hmm, no idea if that is part of the problem or not, to me python is a snake :-D

Why do you want to use ldap authentication?

Do you have some specific programs that you want to connect to AD?

Rowland
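
Added example (not part of the thread and not the poster's script): a variant of the concurrent simple-bind test quoted above that caps the number of worker threads, times every bind, and counts outcomes separately, so that "Can't contact LDAP server" (SERVER_DOWN) can be told apart from timeouts and rejected credentials. The names ldap_simple_bind and run_bind_test are hypothetical; the command-line arguments are assumed to be URI, bind name, attempts and workers, and the password is prompted for.

```python
import time
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


def ldap_simple_bind(uri, bind_dn, password, timeout=5):
    """One simple bind via python-ldap; returns an outcome label."""
    import ldap  # local import: the harness below does not need python-ldap
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)  # TCP connect limit
    conn.set_option(ldap.OPT_TIMEOUT, timeout)          # per-operation limit
    try:
        conn.simple_bind_s(bind_dn, password)
        return "ok"
    except ldap.SERVER_DOWN:           # shown as "Can't contact LDAP server"
        return "server_down"
    except ldap.TIMEOUT:
        return "timeout"
    except ldap.INVALID_CREDENTIALS:
        return "invalid_credentials"
    except ldap.LDAPError as exc:      # anything else, by exception name
        return type(exc).__name__
    finally:
        conn.unbind_s()


def run_bind_test(bind_once, attempts, workers):
    """Run `attempts` binds on at most `workers` threads and time each one."""
    def timed(_):
        start = time.monotonic()
        try:
            outcome = bind_once()
        except Exception as exc:       # keep the sample even if a bind crashes
            outcome = type(exc).__name__
        return outcome, time.monotonic() - start
    with ThreadPoolExecutor(max_workers=workers) as pool:
        samples = list(pool.map(timed, range(attempts)))
    latencies = sorted(elapsed for _, elapsed in samples)
    return {
        "outcomes": Counter(outcome for outcome, _ in samples),
        "median_s": latencies[len(latencies) // 2],
        "p95_s": latencies[min(len(latencies) - 1, int(len(latencies) * 0.95))],
        "max_s": latencies[-1],
    }


if __name__ == "__main__":
    import functools, getpass, sys
    bind = functools.partial(ldap_simple_bind, sys.argv[1], sys.argv[2], getpass.getpass())
    print(run_bind_test(bind, int(sys.argv[3]), int(sys.argv[4])))
```

Running the same attempts with a small and then a large worker count shows whether failures track concurrency on the DC rather than the credentials.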
Jefferson P. S. Emerick
2015-Aug-13  13:23 UTC
[Samba] Slow ldap authentication against samba 4
Good morning.

So.. anybody else have this same issue? Slow ldap authentication?

--
Thanks,
Jefferson Parreira dos Santos Emerick

2015-01-20 9:52 GMT-02:00 Jefferson Parreira dos Santos Emerick <jeparre at gmail.com>:
> I have many corporate systems that connect to Samba 4 for authentication
> and a considerable number of users and machines that need this
> authentication working well and smoothly.
> I tried a java script too, with the same problem.
>
> I found forums with the same problem about postfix trying to use samba4
> and having trouble with slow tree search or auth, without a solution.

On 8/13/2015 9:23 AM, Jefferson P. S. Emerick wrote:
> Good morning.
>
> So.. anybody else have this same issue? Slow ldap authentication?

I configured squid-cache proxy server to use Samba4 AD DC as the ldap server, and I don't see any slow authentication. This is a production setup.

Allen

--
Allen Chen
Network Administrator, IT
Harbourfront Centre