Dear List,
I have CentOS 5.5 64-bit (fully updated), Samba3 3.5.5-43.el5 (SerNETSamba), openldap-2.3.43-12.el5_5.2 and nss_ldap-253-25.el5. My problem: if I log in to the domain and run a program from the Samba3 server, it is slow. If I log in on the same machine with a local account instead, then go to the Samba3 server, give the domain admin password when asked for it (only once, when accessing the desired share) and run the same program, it is 2-3x faster. I've googled a bit and found another person who was having speed problems when running programs on a Samba3 server with an LDAP backend. I must admit I'm no OpenLDAP expert, so if you can, please take a look at my config and tell me what is wrong with it; it's probably the LDAP part. What I have tried so far: I stopped openldap, ran slapindex and started it again, but that did not help.
Below are my config files:
/etc/samba/smb.conf
# [global] section of the posted smb.conf: Samba 3 as domain logon server
# (domain logons = yes) with accounts kept in a local OpenLDAP directory.
# One parameter per line; values are reproduced exactly as posted.
[global]

# Low-level I/O and locking tuning.
use sendfile = yes
read raw = yes
write raw = yes
#max xmit = 65535
dead time = 30
getwd cache = yes
lock spin time = 200

workgroup = CAPRIOLOBIKE
netbios name = PDC-SERVER
server string = cfile-server

# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
max log size = 50

security = user

encrypt passwords = yes

# Added by moquist
obey pam restrictions = No
ldap passwd sync = Yes
time server = Yes

unix password sync = no

# Added by moquist
log level = 1
syslog = 0
mangling method = hash2
dos charset = 850
unix charset = ISO8859-1
# NOTE(review): %u is unquoted here, while the smbldap-tools scripts further
# down all pass "%u" in quotes.
passwd program = /usr/sbin/smbldap-passwd -u %u

# A username map can map any client-supplied name onto any Unix account,
# so /etc/samba/smbusers should be writable by root only.
username map = /etc/samba/smbusers

# NOTE(review): smb.conf documents "bind interfaces only" as the setting that
# limits which interfaces serve requests; neither it nor "hosts allow"
# appears in this listing, so confirm where smbd is actually reachable.
interfaces = bond0

# Browser election and domain logon role.
local master = yes
os level = 200
domain master = yes
preferred master = yes
domain logons = yes
# NOTE(review): backslashes in this value and in "logon home" below look
# stripped by the mail archive; both are reproduced as posted.
logon script = scripts%m.bat

# Added by moquist
logon drive = X:
logon home = \%L\home%U
# Account database: LDAP on the loopback address. "ldap ssl = off" means the
# bind and all account attributes travel unencrypted, which stays on this
# host only while the URL points at 127.0.0.1; enable TLS before moving the
# directory to another machine.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds as the same DN that slapd.conf declares as rootdn. The rootdn
# is not subject to slapd access controls; a dedicated Samba account limited
# by ACLs would follow least privilege (compare the separate cn=nssldap DN
# used in /etc/ldap.conf).
ldap admin dn = cn=Manager,dc=capriolobike,dc=com
ldap suffix = dc=capriolobike,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = off
ldap delete dn = Yes

# use the smbldap-tools scripts
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# Empty value: no roaming profile path is handed to clients.
logon path =

wins support = yes
#dns proxy = yes

name resolve order = wins bcast hosts

#veto oplock files = /*.doc/*.xls/*.mdb/

# The parameters after this banner still belong to [global]; the first share
# section has not started yet.
#============================ Share Definitions ==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
# Explicit IPC$ definition rooted at /tmp and hidden from browse lists.
[IPC$]
path = /tmp
browsable = No
# Per-user home shares. "valid users = %S" admits only the user whose name
# matches the share name, and the masks keep new files and directories
# private to their owner (0600 / 0700).
[homes]
comment = Home Directories
valid users = %S
browseable = No
writable = yes
create mask = 0600
directory mask = 0700
# Logon script share used for domain logons.
# NOTE(review): "guest ok = Yes" allows unauthenticated connections wherever
# guest mapping is in effect, so logon scripts placed here should not contain
# credentials; confirm guest access is really needed.
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
# Roaming profile store; new files and directories are created owner-only
# (0600 / 0700). "create mode" and "directory mode" are synonyms for
# "create mask" and "directory mask".
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = No
create mode = 0600
directory mode = 0700
# Private backup share: only the user "denes" may connect over SMB.
# NOTE(review): the 0777 masks plus "force create mode = 0777" still create
# every file world-readable, world-writable and executable on the server's
# own filesystem, so the SMB-level restriction does not protect the data
# from other local accounts or from other shares that reach /share.
[backup1]
comment = Private Backup 1
path = /share
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
valid users = denes
invalid users = bikeclub
oplocks = false
level2 oplocks = false
# Public share: there is no "valid users" list, so every authenticated
# account except "bikeclub" may connect and write.
# NOTE(review): "force create mode = 077" differs from the 0777 used on the
# other shares; as written it forces the group and other bits but not the
# owner bits. Confirm whether 0777 was meant.
[storage3]
comment = Public Storage 3
path = /share5
read only = No
create mask = 0777
directory mode = 0777
force create mode = 077
invalid users = bikeclub
oplocks = false
level2 oplocks = false
# Six general-purpose shares with identical settings apart from name and
# path ("directory mode" is a synonym for "directory mask"). Access control
# is a deny list only: every authenticated account except "bikeclub" may
# connect and write. All new files are forced to mode 0777 and directories
# are created 0777, i.e. world-writable on the server's filesystem.
# Oplocks are disabled on all six.
[storage2]
comment = Public Storage 2
path = /share2
read only = No
create mask = 0777
directory mask = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false

[storage]
comment = Public Storage
path = /share3
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false

[novosti]
comment = Novosti
path = /share4
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false

[drivers1]
comment = Drivers 1
path = /drivers1
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false

[drivers2]
comment = Drivers 2
path = /drivers2
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false

[drivers3]
comment = Drivers 3
path = /drivers3
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = false
level2 oplocks = false
# Three shares with single-letter names; the paths (/app_capri, /app_kripton)
# suggest they hold the programs clients run from the server - presumably
# the slow case described in the post. Unlike the storage shares, oplocks and
# level2 oplocks are enabled here.
# NOTE(review): every authenticated account except "bikeclub" can write, and
# all files are forced to mode 0777, so any user can modify the programs that
# other users execute. Read-only access for ordinary users with a small
# "write list" would limit tampering; verify against how the applications
# store their data.
[K]
path = /app_capri
read only = No
create mask = 0777
directory mode = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = true
level2 oplocks = true

[T]
path = /app_kripton
read only = No
create mask = 0777
directory mask = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = true
level2 oplocks = true

[Q]
path = /backuppc/WINGS
read only = No
create mask = 0777
directory mask = 0777
force create mode = 0777
invalid users = bikeclub
oplocks = true
level2 oplocks = true
/etc/openldap/ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

# Client-library defaults: directory on the loopback address, searches
# rooted at the domain suffix.
HOST 127.0.0.1
BASE dc=capriolobike,dc=com
# CA certificate directory for TLS. The other files in this post connect
# with TLS/SSL switched off, so this only matters to clients that request it.
TLS_CACERTDIR /etc/openldap/cacerts
/etc/openldap/slapd.conf
# NOTE(review): everything down to the shell prompt repeats the
# /etc/openldap/ldap.conf listing; it looks like terminal scroll-back pasted
# together with the output of "cat slapd.conf". slapd.conf itself starts
# after the prompt line.
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

HOST 127.0.0.1
BASE dc=capriolobike,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
[root@pdc-server openldap]# cat slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files loaded at start-up; samba.schema supplies the samba*
# attributes that are indexed further down.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 is a legacy protocol version; keep it enabled only if
# a client that cannot speak LDAPv3 still depends on it.
allow bind_v2

# File in which slapd records its process ID.
pidfile /var/run/slapd.pid
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

# Berkeley DB backend holding the whole dc=capriolobike,dc=com tree.
database bdb
suffix "dc=capriolobike,dc=com"
rootdn "cn=Manager,dc=capriolobike,dc=com"
# NOTE(review): rootpw is stored as a plain string (the value shown looks
# like a redaction placeholder). slappasswd(8) produces a hashed value that
# can be stored here instead, and the file should stay unreadable to
# ordinary users, as its header says.
rootpw my_secret_code

# NOTE(review): no "access to" directives appear in this listing. With none
# configured, slapd falls back to read access for everyone, anonymous
# clients included, which would cover userPassword and the Samba
# sambaLMPassword / sambaNTPassword hashes. Confirm whether ACLs were
# trimmed from the post; if not, restrict those attributes to the entry
# owner and the service accounts that need them.

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
/etc/ldap.conf
# /etc/ldap.conf as read by nss_ldap / pam_ldap: how the operating system
# itself looks up users and groups in the directory.
host 127.0.0.1
base dc=capriolobike,dc=com
# Dedicated DN used when root performs lookups; its password is kept in a
# separate secret file (conventionally /etc/ldap.secret), which should be
# readable by root only.
rootbinddn cn=nssldap,ou=DSA,dc=capriolobike,dc=com
# Search and bind time limits.
timelimit 30
bind_timelimit 30
# No TLS/SSL: binds and results are unencrypted, confined to this host only
# while "host" stays on the loopback address.
ssl no
# Password changes made through PAM are hashed on the client with MD5.
# NOTE(review): MD5-based hashes are weak by current standards;
# "pam_password exop" leaves the hashing to the directory server instead.
pam_password md5
tls_cacertdir /etc/openldap/cacerts

bind_policy soft
# Users listed here are skipped for LDAP group lookups.
nss_initgroups_ignoreusers ldap
/var/lib/ldap/DB_CONFIG
# $OpenLDAP: pkg/ldap/servers/slapd/DB_CONFIG,v 1.1.2.4 2007/12/18 11:51:46 ghenry Exp $
# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases.
#
# See the Oracle Berkeley DB documentation
# http://www.oracle.com/technology/documentation/berkeley-db/db/ref/env/db_config.html
# for detail description of DB_CONFIG syntax and semantics.
#
# Hints can also be found in the OpenLDAP Software FAQ
# http://www.openldap.org/faq/index.cgi?file=2
# in particular:
# http://www.openldap.org/faq/index.cgi?file=1075

# Note: most DB_CONFIG settings will take effect only upon rebuilding
# the DB environment.

# one 0.25 GB cache
# Arguments are gigabytes, bytes and number of cache segments.
set_cachesize 0 268435456 1

# Data Directory
#set_data_dir db

# Transaction Log settings
set_lg_regionmax 262144
set_lg_bsize 2097152
#set_lg_dir logs

# Note: special DB_CONFIG flags are no longer needed for "quick"
# slapadd(8) or slapindex(8) access (see their -q option).
Sincerely Robert Becskei