Samba, 20.000 users and concurrent logons: part 2

Michael Glauche mg at
Wed Apr 26 15:43:51 GMT 2000

  I wanted to let you know that I'm able to succesfully work with 20000 
  users and several concurrent logon sessions. 
  Instead of using /etc/smbpasswd or /etc/passwd, I chose to use /var/db/password.db. 
  I created this file using the makefile which is located in the /var/db directory. 
  I suppose this is an indexed version of /etc/passwd and works a lot faster 
  than the regular flat file. 
  Also I changed the entries for passwd and shadow in /etc/nsswitch.conf from 
  passwd    files nis ...            passwd     db 
  shadow    files nis ...     to    shadow    db 

  I have two Samba-servers: 

  Server1 (authentication server): 
  security = user 
  encrypt passwords = no 
  domain logons = yes 

  Server2 (server with the shares): 
  security = server 
  encrypt passwords = no 
  password server = server1 

  I've tested the servers with 50 logon sessions in about half a minute. No 
  problems: all the clients were succesfully logged on. This was NOT the case 
  when we used /etc/passwd or /etc/smbpasswd because of the heavy CPU- 
  consumption of the smbd processes (idle = 0%). 
  Although I refered to the databasefiles in /etc/nsswitch.conf, for some strange 
  reason /etc/passwd was still used on the server with the share. Therefore I used a standard /etc/passwd 
  file instead of the passwd file with the 20000 users. And this works fine and fast. 

wow. ;)

  I suppose it's in the Samba-code that it will look in /etc/passwd first when you 
  have set security = server. Can anyone confirm this? So even if you tell Linux 
  to use the database files, Samba won't necessarily do so. 

  My question: 
  If you have set security = server, for what processes exactly is /etc/passwd 
  I know that you NEED to have a account on the Samba server. This 
  is because the Unix operating system needs a username to perform various 
  I/O operations. 

  During these tests, I encountered some errors. 

  * When I deleted the entry 'smbpasswd file = /etc/smbpasswd'  (which I don't need 
     since I have encrypt passwords = no) and tried to restart the daemons, I got the 
    following error (on the server with the shares, server2): 

    [2000/04/20 13:04:11, 0] passdb/passdb.c:pdb_generate_sam_sid(843) 
    can't create private directory  : No such file or directory 
    [2000/04/20 13:04:11, 0] smbd/server.c:main(658) 
     ERROR: Samba cannot create a SAM SID. 

That is, because samba did try to write the domain.sid file in $PREFIX/private, that is not created with make 
install in TNG. If you set the smbpasswd file, the same location will be used for the SID.

  * When a user succesfully logged on, I got these strange errors on the authentication server.. 

  [2000/04/25 09:28:48, 0] smbd/password.c:password_ok(551) 
    Error: challenge not done for user=u19331 

  Maybe bugs? 

  By the way, as you can see I work with a Redhat distribution. The location of 
  the files may be found in other directories if you work with another distribution. 

did you try ./configure --with-sam-pwdb=tdb ? Then TNG should use a indexed DB for NT-password hashes.


-------------- next part --------------
HTML attachment scrubbed and removed

More information about the samba-technical mailing list