[KLUG Members] slow ldap authentication

agencies_ad1 at sancharnet.in agencies_ad1 at sancharnet.in
Wed Jan 11 04:25:21 EST 2006


Hello
Let me start this issue with a little background. We use Microsoft Active
Directory as our LDAP server. Using validated Microsoft components (Microsoft
Services For Unix) we have extended its LDAP schema to allow unix servers like
unix to authenticate against AD's LDAP server so that services like ssh, samba,
su, ftp, etc can use the MS password db. I have had no issue with RHEL 2 AS,
RHEL 3 AS using these services. Everything has been great. I get fast lookups
against AD for authentication when I su/ssh/ftp/smb as any AD user. Life is
pretty good. When I use RHEL 4 AS, it works too, but there is a problem. If I
ssh/ftp/su/smb as root or any local /etc/passwd user, the response time is
fast. If I su/ssh/smb/ftp as a LDAP user (after AD is using LDAP, just
modified) the response time is ~15 seconds. If I enable nscd, the first
su/ssh/ftp/smb attempt takes ~15 seconds. The subsequent attempts are almost
instantaneous. On RHEL 2 AS and RHEL 3 AS, I do not even need nscd to speed up
lookups against AD for su/ssh/ftp/smb. What is the problem with RHEL 4? I even
did an up2date from U1 to U2 and this made no difference. Is there anything I
can do to speed up this lookup? Again, RHEL AS 2 and 3 against the same AD
server is always fast. It is just RHEL 4 that seems slow. Granted, on RH AS 2 I
compiled nss and pam libraries to work with AD LDAP as RH AS. In other words,
RHEL 2 and 3 do not work with Microsoft's implementation of LDAP unless you
update pam and nss libraries, not to mention openldap must be upgraded. On
RHEL4 everything works out of the box except for this lookup delay problem. Let
me know as this is critical for an upcoming migration from RHEL AS 2 to RHEL 4
AS

Thanks

Regards,

Komal
