samba - Feb 2021 - Long time before user shows up on member server

On Mon, 8 Feb 2021, Rowland penny via samba wrote:
> On 08/02/2021 12:31, Harald Hannelius via samba wrote:
>> 
>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC. When
creating
>> a new user I found out that it takes over 220 seconds before the user
shows
>> up using 'getent' in a member-server.
>> 
>> Is there a way to speed this up a bit?
>
> Just because 'getent' doesn't immediately show a user on a Unix
domain member
> doesn't mean it isn't available, but if you want to speed things
up, run 'net
> cache flush' before running getent.
Thanks, this helped a bit. The wait time for the user dropped to 116 
seconds. This might be just luck, I have to wait for some more samples to 
drop in.

No nscd running on the member-server.

-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

On Tue, 9 Feb 2021, Harald Hannelius via samba wrote:
>
> On Mon, 8 Feb 2021, Rowland penny via samba wrote:
>
>> On 08/02/2021 12:31, Harald Hannelius via samba wrote:
>>> 
>>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC. When
creating
>>> a new user I found out that it takes over 220 seconds before the
user
>>> shows up using 'getent' in a member-server.
>>> 
>>> Is there a way to speed this up a bit?
>> 
>> Just because 'getent' doesn't immediately show a user on a
Unix domain
>> member doesn't mean it isn't available, but if you want to
speed things up,
>> run 'net cache flush' before running getent.
>
> Thanks, this helped a bit. The wait time for the user dropped to 116
seconds.
> This might be just luck, I have to wait for some more samples to drop in.
>
> No nscd running on the member-server.
Nope, didn't help. I got one user who appeared without looping and another 
that the script waited 299 seconds for it to appear.

Should I maybe run 'net cache flush' withing the loop, what if I run it
once
a second?

-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

Something in the DNS resolving is off. 

Can you run the following script on all the AD-DCs.
and the problem Member server. 
If you anonymize it, keep the setup structure the same. 
Like netbios name = HOSTNAME_CAPS_OR_NOT  
or if realm = internal.domain.tld  , use INT.REALM.TLD  
we need exact as it. 

https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Harald
Hannelius
> via samba
> Verzonden: woensdag 10 februari 2021 9:30
> Aan: Rowland penny; samba at lists.samba.org
> Onderwerp: Re: [Samba] Long time before user shows up on member server
> 
> 
> On Tue, 9 Feb 2021, Harald Hannelius via samba wrote:
> >
> > On Mon, 8 Feb 2021, Rowland penny via samba wrote:
> >
> >> On 08/02/2021 12:31, Harald Hannelius via samba wrote:
> >>>
> >>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC.
When
> creating
> >>> a new user I found out that it takes over 220 seconds before
the user
> >>> shows up using 'getent' in a member-server.
> >>>
> >>> Is there a way to speed this up a bit?
> >>
> >> Just because 'getent' doesn't immediately show a user
on a Unix domain
> >> member doesn't mean it isn't available, but if you want to
speed things
> up,
> >> run 'net cache flush' before running getent.
> >
> > Thanks, this helped a bit. The wait time for the user dropped to 116
> seconds.
> > This might be just luck, I have to wait for some more samples to drop
> in.
> >
> > No nscd running on the member-server.
> 
> Nope, didn't help. I got one user who appeared without looping and
another
> that the script waited 299 seconds for it to appear.
> 
> Should I maybe run 'net cache flush' withing the loop, what if I
run it
> once
> a second?
> 
> --
> 
> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba