Samba NIS problem and solution

Brian M Hoy grbmh0 at opus.co.nz
Wed Oct 18 02:26:13 GMT 2000


Hi Jerry,

We have recently upgraded from Samba 2.0.5a to 2.0.7 (both using Solaris 2.6 on
an Ultra-1). Everything was fine, except that our NIS server was now idling at
between 5-10%, instead of the prior 0.3-0.5%.

Anyway, to cut a long story short, when Samba checks to see if a user is in a
group (lib/username.c:user_in_group_list) it iterates through every group (think
setgrent, getgrent, endgrent) looking for the group in question.  When you have
lots of users and 320+ groups, and regularly perform this _linear_ search and
wrap each iteration up in RPC calls to NIS you are going to take a CPU hit.

The solution to this problem is conveniently located in the old 2.0.5a code!
Simply call getgrnam() once - one RPC call and the NIS server can search
efficiently (think hashes), and suddenly the loading on ypserv drops fifteen
fold.

There are no hints in the release notes or source code about this change.  I am
puzzled as to why the change was made.  Any ideas?  Perhaps getgrnam() does not
work on some platforms? 

Perhaps the developers might like to reinstate the old code unless they know of a
good reason for keeping it.

BTW I note that Samba 2.2 alpha 0 has the same user_in_group_list() code as
2.0.7 (ie. not very NIS friendly), with one exception!  It is missing the
setgrent() before the getgrent()s and endgrent().  This looks like a bug to me.  
Comments, anyone?

Hope this helps someone out there.

Regards,
         Brian

Opus Technical Support
Email     : grtecz at opus.co.nz
Extension : 8034
DDI       : +64.4.471.7034
