Chris Stankevitz
2017-Jan-31 22:24 UTC
[Samba] net ads and wbinfo are painfully slow -- but they work
On Tue, Jan 31, 2017 at 12:36 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:> time net ads testjoin > Join is OK > > real 0m0.476s > user 0m0.108s > sys 0m0.008sYes, I know... I have a similar setup (same version of samba, same hardware, same OS but a different windows domain on a different network) that is working fine.> Is the Windows AD DC running a dns server ? > Does the Unix client have the AD DC as its nameserver ?Yes and yes. If I didn't have that, I'm not sure how samba could have joined the domain given my configuration. (But I don't understand what is going on under the hood.)> Can you post your /etc/resolv.conf and /etc/hostsConfig files posted below. But first an exciting hint: When I try to ssh into the box while samba utilities (like "net ads" and "wbinfo") are frozen -- the ssh login is also frozen until everything is released. Maybe nsswitch I fouled. /etc/resolv.conf: root at nickel:~ # cat /etc/resolv.conf nameserver 192.168.11.5 nameserver 192.168.1.4 domain mydomain.local /etc/hosts: 127.0.0.1 localhost localhost.mydomain.local 192.168.11.3 nickel.mydomain.local nickel 192.168.1.2 iron.mydomain.local iron /etc/nsswitch.conf: # default #group: compat #group_compat: nis #passwd: compat #passwd_compat: nis # 20170131 samba setup group: files winbind passwd: files winbind hosts: files dns networks: files shells: files services: compat services_compat: nis protocols: files rpc: files Thanks again, Chris
Rowland Penny
2017-Jan-31 22:45 UTC
[Samba] net ads and wbinfo are painfully slow -- but they work
On Tue, 31 Jan 2017 14:24:09 -0800 Chris Stankevitz <chrisstankevitz at gmail.com> wrote:> On Tue, Jan 31, 2017 at 12:36 PM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > time net ads testjoin > > Join is OK > > > > real 0m0.476s > > user 0m0.108s > > sys 0m0.008s > > Yes, I know... I have a similar setup (same version of samba, same > hardware, same OS but a different windows domain on a different > network) that is working fine. > > > Is the Windows AD DC running a dns server ? > > Does the Unix client have the AD DC as its nameserver ? > > Yes and yes. If I didn't have that, I'm not sure how samba could have > joined the domain given my configuration. (But I don't understand > what is going on under the hood.) > > > Can you post your /etc/resolv.conf and /etc/hosts > > Config files posted below. But first an exciting hint: > > When I try to ssh into the box while samba utilities (like "net ads" > and "wbinfo") are frozen -- the ssh login is also frozen until > everything is released. Maybe nsswitch I fouled. > > > /etc/resolv.conf: > root at nickel:~ # cat /etc/resolv.conf > nameserver 192.168.11.5 > nameserver 192.168.1.4 > domain mydomain.local >I take it at least one of the above nameservers is the AD DC, is the other another AD DC ? If it isn't, then remove it. If they are both DCs, try changing the order. I would also change the 'domain mydomain.local' to 'search mydomain.local' Is a firewall getting in the way ?> > /etc/hosts: > 127.0.0.1 localhost localhost.mydomain.local > 192.168.11.3 nickel.mydomain.local nickel > 192.168.1.2 iron.mydomain.local ironI take it the machine has a fixed IP and as you are relying on dns to find the DC (as you should), you do not need the line that starts '192.168.1.2' Can you ping the DC from 'nickel', both by IP and name ? Is winbind actually running ? Rowland
L.P.H. van Belle
2017-Feb-01 08:47 UTC
[Samba] net ads and wbinfo are painfully slow -- but they work
We are missing the content of /etc/nsswitch.conf Can you post that also. But you probely see: hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 i suggest hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4 since your using a .local TLD which is really not recommended. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via > samba > Verzonden: dinsdag 31 januari 2017 23:45 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] net ads and wbinfo are painfully slow -- but they > work > > On Tue, 31 Jan 2017 14:24:09 -0800 > Chris Stankevitz <chrisstankevitz at gmail.com> wrote: > > > On Tue, Jan 31, 2017 at 12:36 PM, Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > time net ads testjoin > > > Join is OK > > > > > > real 0m0.476s > > > user 0m0.108s > > > sys 0m0.008s > > > > Yes, I know... I have a similar setup (same version of samba, same > > hardware, same OS but a different windows domain on a different > > network) that is working fine. > > > > > Is the Windows AD DC running a dns server ? > > > Does the Unix client have the AD DC as its nameserver ? > > > > Yes and yes. If I didn't have that, I'm not sure how samba could have > > joined the domain given my configuration. (But I don't understand > > what is going on under the hood.) > > > > > Can you post your /etc/resolv.conf and /etc/hosts > > > > Config files posted below. But first an exciting hint: > > > > When I try to ssh into the box while samba utilities (like "net ads" > > and "wbinfo") are frozen -- the ssh login is also frozen until > > everything is released. Maybe nsswitch I fouled. > > > > > > /etc/resolv.conf: > > root at nickel:~ # cat /etc/resolv.conf > > nameserver 192.168.11.5 > > nameserver 192.168.1.4 > > domain mydomain.local > > > > I take it at least one of the above nameservers is the AD DC, is the > other another AD DC ? If it isn't, then remove it. If they are both > DCs, try changing the order. > I would also change the 'domain mydomain.local' to 'search > mydomain.local' > > Is a firewall getting in the way ? > > > > > /etc/hosts: > > 127.0.0.1 localhost localhost.mydomain.local > > 192.168.11.3 nickel.mydomain.local nickel > > 192.168.1.2 iron.mydomain.local iron > > I take it the machine has a fixed IP and as you are relying on dns to > find the DC (as you should), you do not need the line that starts > '192.168.1.2' > > Can you ping the DC from 'nickel', both by IP and name ? > > Is winbind actually running ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2017-Feb-01 09:12 UTC
[Samba] net ads and wbinfo are painfully slow -- but they work
On Wed, 1 Feb 2017 09:47:38 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> We are missing the content of /etc/nsswitch.conf > Can you post that also. > > But you probely see: > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > > i suggest > hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4 > > since your using a .local TLD which is really not recommended. > >He already has posted it ;-) /etc/nsswitch.conf: # default #group: compat #group_compat: nis #passwd: compat #passwd_compat: nis # 20170131 samba setup group: files winbind passwd: files winbind hosts: files dns networks: files shells: files services: compat services_compat: nis protocols: files rpc: files He is also unlikely to be running avahi, he is using Freebsd 10.3 Rowland
L.P.H. van Belle
2017-Feb-01 09:20 UTC
[Samba] net ads and wbinfo are painfully slow -- but they work
Oeps .. missed that one.. En freebsd.. aah... and im gone... Sorry for the noise. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via > samba > Verzonden: woensdag 1 februari 2017 10:12 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] net ads and wbinfo are painfully slow -- but they > work > > On Wed, 1 Feb 2017 09:47:38 +0100 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > We are missing the content of /etc/nsswitch.conf > > Can you post that also. > > > > But you probely see: > > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > > > > i suggest > > hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4 > > > > since your using a .local TLD which is really not recommended. > > > > > > He already has posted it ;-) > > /etc/nsswitch.conf: > # default > #group: compat > #group_compat: nis > #passwd: compat > #passwd_compat: nis > > # 20170131 samba setup > group: files winbind > passwd: files winbind > > hosts: files dns > networks: files > shells: files > services: compat > services_compat: nis > protocols: files > rpc: files > > He is also unlikely to be running avahi, he is using Freebsd 10.3 > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Chris Stankevitz
2017-Feb-02 17:36 UTC
[Samba] net ads and wbinfo are painfully slow -- but they work
On Tue, Jan 31, 2017 at 2:45 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:>> /etc/resolv.conf: >> root at nickel:~ # cat /etc/resolv.conf >> nameserver 192.168.11.5 >> nameserver 192.168.1.4 >> domain mydomain.local >> > > I take it at least one of the above nameservers is the AD DC, is the > other another AD DC ? If it isn't, then remove it. If they are both > DCs, try changing the order.They are both DCs. I will try changing the order. Is it possible for me to restrict winbindd so that it attempt to only contact one of the two DCs? Once DC is local and another DC is remote (goes through a firewall and is 80 ms ping time away).> I would also change the 'domain mydomain.local' to 'search > mydomain.local'I will try.> Is a firewall getting in the way ?Possibly. Winbind seems to prefer using the DC that is through a firewall (see my comment above).>> /etc/hosts: >> 127.0.0.1 localhost localhost.mydomain.local >> 192.168.11.3 nickel.mydomain.local nickel >> 192.168.1.2 iron.mydomain.local iron > > I take it the machine has a fixed IP and as you are relying on dns to > find the DC (as you should), you do not need the line that starts > '192.168.1.2'Yes, I agree. I will remove it.> Can you ping the DC from 'nickel', both by IP and name ?Yes> Is winbind actually running ?Yes Thanks again, Chris
Maybe Matching Threads
- net ads and wbinfo are painfully slow -- but they work
- net ads and wbinfo are painfully slow -- but they work
- net ads and wbinfo are painfully slow -- but they work
- net ads and wbinfo are painfully slow -- but they work
- net ads and wbinfo are painfully slow -- but they work