Let me start this issue with a little background. We use Microsoft Active Directory as our LDAP server. Using validated Microsoft components (Microsoft Services For Unix) we have extended its LDAP schema to allow unix servers like unix to authenticate againt ADs LDAP server so that services like ssh, samba, su, ftp, etc can use the MS password db. I have had no issue woth RHEL 2 AS, RHEL 3 AS using these services. Everything has been great. I get fast lookups against AD for authentication when I su/ssh/ftp/smb as any AD user. Life is pretty good. When I use RHEL 4 AS, it works too, but there is a problem. If I ssh/ftp/su/smb as root or any local /etc/passwd user, the repsonse time is fast. If I su/ssh/smb/ftp as a LDAP user (after AD is using LDAP, just modified) the response time is ~15 seconds. If I enable nscd, the first su/ssh/ftp/smb attempt takes ~15 swconds. The subsequent attempts are almost instantaneous. On RHEL 2 AS and RHEL 3 AS, I do not even need nscd to speed up lookups against AD for su/ssh/ftp/smb. What is the problem with RHEL 4? I even did an up2date from U1 to U2 and this made no difference. Is there anything I can do to speed up this lookup? Again, RHEL AS 2 and 3 against the same AD server is always fast. It is just RHEL 4 that seems slow. Granted, on RH AS 2 I compiled nss and pam libraies to work with AD LDAP as RH AS. In other words, RHEL 2 and 3 does not work with Microsofts implementation of LDAP unless you update pam and nss libraries, not to mention openldap must be upgraded. On, RHEL4 everything works out of the box excpet for this lookup delay problem. Let me know as this is critical for an upcoming migration from RHEL AS 2 to RHEL 4 AS Thanks Regards, Komal -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
