getent passwd timeouts on samba 3.5.1

Nagaraj Shyam Nagaraj_Shyam at symantec.com
Wed Aug 18 16:10:01 MDT 2010 

Hi All.

 

I am using samba server 3.5.1 on SUSE Linux Enterprise Server 10
(x86_64).  Id map backend is configured to be a ldap server.  The # of
users in the windows domain is upwards of 10000.  I almost always see
"getent passwd" timeout after listing the "passwd" entries for about a
thousand users after a clean start (nothing in tdb files, nothing in
ldap backend database).  Sometimes it lists none at all.  Repeat
commands of "getent passwd" progressively list 250 more users.  wbinfo
-i is flakey as well - it is a hit or miss if it can list the user
information.

 

1.       One of the problem areas of code is in libnss_winbind.so 

 

samba-3.5.1/nsswitch/wb_common.c - 

         /* Wait for 5 seconds for a reply. May need to parameterise
this ... */

                tv.tv_sec = 5;

 

                if ((selret = select(winbindd_fd + 1, &r_fds, NULL,
NULL, &tv))== -1) {

                        winbind_close_sock();

                        return -1;                   /* Select error */

                }

 

                if (selret == 0) {

                        /* Not ready for read yet... */

                        if (total_time >= 30) {

                                /* Timeout */

                                winbind_close_sock();

 

 

The above timeout (of 30 seconds) is fairly frequently on my test setup.
Increasing the loop timeout from 5 sec to 30 sec and total timeout to
180 seconds, works always in my setup - this is a kludge really.

 

2.       I see the following issues at winbindd side:

The parent winbindd daemon creates a WINBINDD_GETPWNAM request that has
not even been picked up for servicing by the idmap winbindd daemon while
the 5 sec timeout has been hit in the wb_common.c inner loop above.

 

 

 

To make the solution better that works in all configurations (instead of
the kludge of increasing the timeout arbitrarily), we need a better
protocol b/w the client of winbindd service as well as between the
parent winbindd and the child daemons on the lines along the following:

 

 

-          The child winbindd daemon (idmap in this case),  needs to
update progress periodically, say any request completion indicates
progress.

-          The parent winbindd daemon needs to indicate to the client
(wbinfo, getent etc.) that progress is being made on the request and ask
for more time to service it (pending status).

-          Client should be enhanced to handle pending status to wait
for more time (there can be a hard limit which is much larger than the
current hardwired values).

 

Is the above area being looked at currently or is there a plan to
enhance the above in the future?

 

Thanks for any information/pointers to open bug ids. 

 

Regards.

-s

More information about the samba-technical mailing list