Alfred von Campe wrote:
On Feb 13, 2008, at 11:37, Scott Silva wrote:
I didn't see it but did you do a 'uname-a" on both systems to see if one is running a PAE kernel?
No, that was not it. But I did finally track it down. There was one additional difference in the software configuration that I had forgotten about. The CentOS 5.1 system is in a different NIS domain and it has Kerberos enabled. We are going to move to an integrated NIS/AD environment to have a single sign-on for Windows and UNIX/ Linux, and I was planning to roll that out at the same time as CentOS 5.1. The performance issue went away when I used a local account to do the build, and also on another CentOS 5.1 system (on identical HW) that was bound to the old NIS domain.
Needless to say, we can not roll out CentOS 5.1 in the new NIS domain. I will be talking to the corporate IT folks tomorrow to track down what is causing this issue.
Ah, I advise using Samba's winbind and the RID idmap backend. Winbind and it's local tdb cache is an order of magnitude faster then NIS and several orders of magnitude faster then nss_ldap.
I haven't tested Samba's ldap backend cause we have an AD domain here.
Winbind is a whole lot easier to setup and manages the kerberos keytab files too. We have winbind for user/group lookup and kerberos for authentication, works well and is fairly easy to automate setup through kickstart.
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.