One way to solve slow logins with NT-domains

Jeremy Allison jallison at
Thu May 6 17:41:17 GMT 1999

Jani Jaakkola wrote:
> When i was experimenting with the NT-domain code, it turned out to be too
> slow for our environment. We have 2300 users in our /etc/passwd and 200
> groups in our /etc/group. It turned out that samba does hundreds of
> getpwnam() and getpwuid() calls when someone logins to domain, which will
> take time, since Linux glibc-2.0 C-library doesn't have any caching
> for passwords and our passwd file is 160K in size.
> So I wrote a simple cache wrapper around sambas getpwnam() and getpwuid()
> calls. The cache is built the first time when either of them is called and
> is kept around for 15 seconds, after which it will be rebuilt.
> Oh yes.. If you happen to have multiple user names sharing the same uid or
> multiple uids sharing the same user name, the cache will return the last
> one in /etc/passwd instead of the first one. If you think this is a
> promlem, it can be easily fixed.
> I'm including the patch in this email. It is agains the current CVS
> version (well, current version at least an hour ago).
> I hope no one will get upset, since it is 355 lines. It isn't tested very
> throughly (i just got it ready an hour ago). Anyway, I can log on to NT
> domain in 1 second instead of 15-20 seconds and I won't get the annoying
> slow network dialog :)

I *love* Open Source :-).

This was a bunch of code that I knew I was going to have to write
and now I don't :-).

A couple of comments.

Firstly, a slightly nicer way to do this would be to
change the calls to wrappers around all the
getpwxxx functions.

eg. getpwnam -> sys_getpwnam 

Check lib/system.c for details. We can then replace
all getpwxxx calls to go through the wrappers and
get a more coherent view into the users hash table.

Secondly we should add a hash by uid as well and allow
lookups on both name and uid. Getting fancy we should
also store this table in either a file or shared 
memory and allow it to be shared across smbd's.

Great first hack though !


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list