[Samba] optimizing samba for 2000 users
Ankush Grover
ankushsamba at gmail.com
Thu Dec 27 10:58:55 GMT 2007
Hi Friends,
I am running samba on RHEL 4.4 64 bit server on HP Proliant AMD Opteron(tm)
Processor 254 with 4GB RAM.There are about 2000 users who access samba
shares for ex their home directories through ldap authentication. Most of
the users are using Windows XP SP2
For last few days we are seeing some errors in the logs file and samba
shares have become difficult to access.
fs1-3 smbd[4540]: [2007/12/27 15:00:32, 0]
auth/auth_domain.c:domain_client_validate(199)
fs1-3 smbd[4540]: domain_client_validate: unable to validate password for
user ankush in domain testing to Domain controller \\DC. Error was
NT_STATUS_WRONG_PASSWORD.
Dec 27 15:28:49 fs1-3 smbd[17243]: Error writing 4 bytes to client. -1.
(Connection reset by peer)
Dec 27 15:28:49 fs1-3 smbd[17420]: write_socket: Error writing 322 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:49 fs1-3 smbd[17421]: write_socket: Error writing 322 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:49 fs1-3 smbd[17541]: [2007/12/27 15:28:49, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:49 fs1-3 smbd[17422]: write_socket: Error writing 322 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:49 fs1-3 smbd[17423]: write_socket: Error writing 322 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:49 fs1-3 smbd[17424]: write_socket: Error writing 322 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:49 fs1-3 smbd[17217]: [2007/12/27 15:28:49, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:49 fs1-3 smbd[17538]: [2007/12/27 15:28:49, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:49 fs1-3 smbd[17377]: tdb_chainlock_with_timeout_internal:
alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb
Dec 27 15:29:01 fs1-3 smbd[17563]: [2007/12/27 15:29:01, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:49 fs1-3 smbd[17207]: [2007/12/27 15:28:49, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:50 fs1-3 smbd[17220]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:50 fs1-3 smbd[17380]: tdb_chainlock_with_timeout_internal:
alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb
Dec 27 15:28:50 fs1-3 smbd[17381]: tdb_chainlock_with_timeout_internal:
alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb
Dec 27 15:28:50 fs1-3 smbd[17222]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:send_smb(647)
Dec 27 15:28:50 fs1-3 smbd[17383]: tdb_chainlock_with_timeout_internal:
alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb
Dec 27 15:28:50 fs1-3 smbd[17219]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:50 fs1-3 smbd[17504]: getpeername failed. Error was Transport
endpoint is not connected
Dec 27 15:28:50 fs1-3 smbd[17384]: tdb_chainlock_with_timeout_internal:
alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb
Dec 27 15:28:50 fs1-3 smbd[17428]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:50 fs1-3 smbd[17509]: getpeername failed. Error was Transport
endpoint is not connected
Dec 27 15:28:50 fs1-3 smbd[17448]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:50 fs1-3 smbd[17386]: tdb_chainlock_with_timeout_internal:
alarm (10) timed out for key DC in tdb /etc/samba/secrets.tdb
Dec 27 15:28:50 fs1-3 smbd[17223]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:29:01 fs1-3 smbd[17223]: write_socket: Error writing 122 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:29:01 fs1-3 smbd[17223]: [2007/12/27 15:29:01, 0]
lib/util_sock.c:send_smb(647)
Dec 27 15:28:50 fs1-3 smbd[17481]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:50 fs1-3 smbd[17429]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:50 fs1-3 smbd[17483]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:50 fs1-3 smbd[17435]: write_socket: Error writing 171 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:50 fs1-3 smbd[17486]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket_data(430)
Dec 27 15:28:50 fs1-3 smbd[17485]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:50 fs1-3 smbd[17436]: write_socket: Error writing 171 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:50 fs1-3 smbd[17430]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:50 fs1-3 smbd[17547]: [2007/12/27 15:28:50, 0]
lib/util_sock.c:write_socket_data(430)
Dec 27 15:28:50 fs1-3 smbd[17261]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17431]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17432]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17224]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:51 fs1-3 smbd[17439]: getpeername failed. Error was Transport
endpoint is not connected
Dec 27 15:28:51 fs1-3 smbd[17434]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17437]: write_socket: Error writing 171 bytes
to socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17438]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17238]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:51 fs1-3 smbd[17558]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17148]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:send_smb(647)
Dec 27 15:28:51 fs1-3 smbd[17265]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:51 fs1-3 smbd[17275]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:51 fs1-3 smbd[17449]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17366]: Error writing 322 bytes to client. -1.
(Connection reset by peer)
Dec 27 15:28:51 fs1-3 smbd[17450]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17264]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:write_socket_data(430)
Dec 27 15:28:51 fs1-3 smbd[17452]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17511]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17512]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17513]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17514]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17516]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:51 fs1-3 smbd[17451]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:51 fs1-3 smbd[17149]: [2007/12/27 15:28:51, 0]
lib/util_sock.c:write_socket(455)
Dec 27 15:28:51 fs1-3 smbd[4292]: read_socket_data: recv failure for 4.
Error = Connection timed out
Dec 27 15:28:51 fs1-3 smbd[17160]: Error writing 122 bytes to client. -1.
(Connection reset by peer)
Dec 27 15:28:52 fs1-3 smbd[17453]: [2007/12/27 15:28:52, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:52 fs1-3 smbd[17517]: getpeername failed. Error was Transport
endpoint is not connected
Dec 27 15:28:52 fs1-3 smbd[17454]: [2007/12/27 15:28:52, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:52 fs1-3 smbd[17365]: Error writing 171 bytes to client. -1.
(Connection reset by peer)
Dec 27 15:28:52 fs1-3 smbd[17367]: Error writing 171 bytes to client. -1.
(Connection reset by peer)
Dec 27 15:28:52 fs1-3 smbd[17368]: write_socket: Error writing 4 bytes to
socket 5: ERRNO = Connection reset by peer
Dec 27 15:28:52 fs1-3 smbd[17458]: [2007/12/27 15:28:52, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:52 fs1-3 smbd[17470]: [2007/12/27 15:28:52, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:52 fs1-3 smbd[17271]: write_socket_data: write failure. Error
= Connection reset by peer
Dec 27 15:28:52 fs1-3 smbd[17463]: [2007/12/27 15:28:52, 0]
lib/util_sock.c:get_peer_addr(1000)
Dec 27 15:28:52 fs1-3 smbd[17456]: [2007/12/27 15:28:52, 0]
lib/util_sock.c:get_peer_addr(1000)
Searching on the google I found the some articles suggesting to block 445
through iptables and putting smb ports =139 in smb.conf. I have done both
of the things but still getting these errors. Most of the time there are
more than 5000 smb connections/processes on the server and load is also
high. Even I kill these connections are restart samba within few mins I can
see more than 3000 samba connections and there are not more than 2000 users
accessing samba server at the same time.
ps -efm | grep smb | wc -l
6827
samba configuration
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = testing
realm = testing.com
server string = Home Folders
security = ADS
password server = dc.testing.com
smb ports = 139
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
SO_KEEPALIVE
load printers = No
printcap name = /etc/printcap
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
samba rpms installed on the server
samba-3.0.10-1.4E.9
samba-common-3.0.10-1.4E.9
system-config-samba-1.2.21-1
samba-common-3.0.10-1.4E.9
samba-client-3.0.10-1.4E.9
Kindly suggest a way to get rid of these errors.
Thanks & Regards
Ankush
More information about the samba
mailing list