one of those horrible realisations

Charles N. Owens owensc at enc.edu
Fri Feb 4 20:05:37 GMT 2000 

Luke Kenneth Casson Leighton wrote:

> ok,  this is one of those nasty moments when you realise it's much more
> complex than you thought.
>
> multi-user systems, WinDD, WInframe, TSE.  multiplex multiple users onto
> one smbd process.

This is the _default_ behavior with TSE, yes.  We've got quite a bit of
TSE+Metaframe running hereabouts (served by a Samba PDC, of course !).  I've
read in various places that with WinFrame, WinDD (and perhaps TSE as well)
that the munging of all users onto a single SMB connection results in all
access from all users being mapped to the unix uid of the first connected
user (very bad).  When I first started playing with TSE this had me very
worried, but I quickly found out that this is _not_ an issue (at least with
TSE anyway).  Multiuser Samba access works just fine!

There is a huge scalability problem on the NT side, however, (and maybe with
Samba as well).  The number of open files for a single SMB connection is
limited (by NT) to 2048.  Once your TSE server approaches this limit
stability goes out the window (snicker).  We were seeing blue screens daily
until a kind soul on this list pointed us at MS Knowledge Base articles
(Q190162 & Q233082) that document this issue and provide a registry
modification that causes each user to get their own SMB connection.  After
putting in this fix our TSE stability went from awful to quite reasonable.

I quote from Q190162:

     To maintain compatibility with existing Server Message Block
     (SMB)-based products (for example, Windows NT 3.x and 4.0, Windows
     95), Terminal Server's use of SMB has not been modified from
     Windows NT Server 4.0. This can cause a problem if many Terminal
     Server users connect to a single network share, either on the
     Terminal Server or elsewhere on the network. The potential problem
     is an SMB limitation of 2048 open file handles.

It's amazing how nonchalant some of these KB articles are... almost as if
this isn't a big deal, or as if the current state of affairs was arrived at
by deliberate design.  We found that without the registry fix we could get
by with maybe 6 to 9 TSE users... but instability (~30 second freezes,
BSODs) would start creeping in fast if we added more.  This registry fix is
a _must_ with TSE.

[speculation] A possible implication here is that there may be some kind of
future (Win2K?) enhancement planned that will remove this limit on the
number of open file handles.  If not, then I think that Samba is fine as is,
at least with TSE and Win2K Terminal Services (maybe not Winframe, WinDD,
etc).  This is, of course, from the perspective of a user/SysAdmin... not
that of a Samba-hacker.  There may be deeper, more technical issues afoot.
>From where I sit, though, what we have now works, and works well!

There is probably some room for improvement on the Samba side in terms of
scalability.  With this registry fix in place, of course, each TSE user gets
their own smbd process... consuming 1.5-2 MB of RAM.  I'm guessing that the
more modular Samba-TNG architecture will bring some relief in this area? ...
in that the per-connection forked daemon is responsible for much less (just
file services) it should be much smaller, eh?  (don't mind my rambling about
the obvious [unless I'm wrong]... I've only lightly read about TNG)

Charles Owens


> smbd has multiple personalities, based on vuids (SMB virtual user ids).
>
> which vuid context are you supposed to make an MSRPC call under, if you
> only have one msrpc connection per pipe per smbd process?
>
> i.e, each vuid has totally separate msrpcd context.
>
> i.e each vuid must, under the current architecture, fork its own msrpc
> daemon process.
>
> basically, each REAL smb user MUST have their own msrpc daemon.
>
> it's not bad, it's just not a nice thing to realise at about 3 or 4 am.
>
> luke

--
-------------------------------------------------------------------------
  Charles N. Owens                               Email: owensc at enc.edu
                                            http://www.enc.edu/~owensc
  Network & Systems Administrator
  Information Technology Services  "Outside of a dog, a book is a man's
  Eastern Nazarene College         best friend.  Inside of a dog it's
                                   too dark to read." - Groucho Marx
-------------------------------------------------------------------------

More information about the samba-ntdom mailing list