apachenewby
MIS
Hello,
We have a samba server that's integrated with Windows Active Directory. So not using smbpasswd since as long as the Windows user also exists on the Linux server running samba, user is authenticated on the fly using Windows password. Not using winbind though. The problem we're having is that when connecting to samba server to get to the file share on samba, it takes about 10+ sec to open. When it wasn't integrated with Active Directory and thus using smbpasswd for authentication, access to it was instant with no delay.
Below is the log and the files on the system.
Any recommendation would be appreciated.
smb.conf:
workgroup = HAMMING
realm = HAMMING.COM
server string = Samba Server
security = ADS
lanman auth = No
client lanman auth = No
client plaintext auth = No
log file = /var/log/samba/%m.log
max log size = 50
name resolve order = wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = Yes
domain master = No
local master = No
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
invalid users = nobody
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Log:
**Unmatched Entries**
auth/auth_domain.c:connect_to_domain_password_server(100) connect_to_domain_password_server: unable to open the domain client session to machine DC. Error was : NT_STATUS_PIPE_NOT_AVAILABLE. : 1 Time(s)
auth/auth_domain.c:domain_client_validate(199) domain_client_validate: unable to validate password for user HRta1 in domain HAMMING to Domain controller \\DC. Error was NT_STATUS_NO_SUCH_USER. : 3 Time(s)
auth/auth_domain.c:domain_client_validate(199) domain_client_validate: unable to validate password for user HR2 in domain HAMMING to Domain controller \\DC. Error was NT_STATUS_NO_SUCH_USER. : 2 Time(s)
auth/auth_domain.c:domain_client_validate(199) domain_client_validate: unable to validate password for user pit in domain HAMMING to Domain controller \\DC. Error was NT_STATUS_NO_SUCH_USER. : 12 Time(s)
auth/auth_util.c:make_server_info_info3(1177) make_server_info_info3: pdb_init_sam failed! : 373 Time(s)
lib/util_sock.c:get_peer_HAMMINGdr(1000) : 1 Time(s)
lib/util_sock.c:get_peer_HAMMINGdr(1000) getpeername failed. Error was Transport endpoint is not connected : 413 Time(s)
rpc_client/cli_pipe.c:cli_nt_session_open(1451) cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine DC. Error was NT_STATUS_PIPE_NOT_AVAILABLE : 1 Time(s)
smbd/server.c:open_sockets_smbd(348) Reloading services after SIGHUP : 1 Time(s)
smbd/service.c:make_connection_snum(570) Can't become connected user! : 438 Time(s)
smbd/service.c:make_connection_snum(570) getpeername failed. Error was Transport endpoint is not connected Can't become connected user! : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\ACTNG-EL$ is invalid on this system : 2 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\ACTNG-ST$ is invalid on this system : 2 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-AB$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-AM$ is invalid on this system : 4 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-T2$ is invalid on this system : 2 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-T1$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-AN$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-DA$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-LA$ is invalid on this system : 2 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-ME$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-PA$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-PS$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-SH$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-TR$ is invalid on this system : 2 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-21$ is invalid on this system : 2 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\HR-49$ is invalid on this system : 3 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\PREM-HAMMING$ is invalid on this system : 1 Time(s)
smbd/sesssetup.c:reply_spnego_kerberos(250) Username HAMMING.COM\PREM-AN$ is invalid on this system
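Added example, not part of the original post: a small cross-check of the two posted files that compares the realm Samba uses for `security = ADS` with what the Kerberos client configuration defines. The embedded strings are constructed excerpts of the posted smb.conf and krb5.conf, and the function names are illustrative.

```python
import re

# Constructed excerpts: only the relevant keys from the two files posted above.
SMB_CONF = "workgroup = HAMMING\nrealm = HAMMING.COM\nsecurity = ADS\n"
KRB5_CONF = """[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
}
"""

def parse_smb(text):
    """smb.conf parameters as a dict with lower-cased keys."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and l.strip()[0] not in "#;[")
    return {k.strip().lower(): v.strip() for k, v in pairs}

def parse_krb5(text):
    """Return ([libdefaults] as a dict, set of realms defined under [realms])."""
    section, depth, libdefaults, realms = None, 0, {}, set()
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, depth = header.group(1), 0
        elif line.startswith("}"):
            depth = max(depth - 1, 0)
        elif "=" in line and not line.startswith(("#", ";")):
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and depth == 0 and value.startswith("{"):
                realms.add(key.upper())  # top-level entry in [realms] is a realm name
            depth += value.startswith("{")
    return libdefaults, realms

def check_realm_consistency(smb_text, krb5_text):
    """List mismatches between Samba's AD realm and the Kerberos client config."""
    smb, (lib, realms) = parse_smb(smb_text), parse_krb5(krb5_text)
    realm, issues = smb.get("realm", "").upper(), []
    if smb.get("security", "").lower() != "ads" or not realm:
        return issues  # only meaningful for an AD member with a realm set
    if lib.get("default_realm", "").upper() != realm:
        issues.append(f"default_realm is {lib.get('default_realm')}, smb.conf realm is {realm}")
    dns_off = lib.get("dns_lookup_kdc", "true").lower() in ("false", "no", "off", "0")
    if realm not in realms and dns_off:
        issues.append(f"no [realms] entry for {realm} and dns_lookup_kdc is disabled")
    return issues
```

Calling `check_realm_consistency(SMB_CONF, KRB5_CONF)` on the excerpts returns two findings; it reports inconsistencies between the files and does not by itself establish the cause of the delay.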