Run away number of smbd children

Kevin Robinson kevinr at uark.edu
Mon Oct 15 13:03:46 GMT 2007


Replies below, and thanks!

Dave Daugherty wrote:
> Kevin:
> 
> I know what you mean... and although that problem is serious, I am not
> convinced it's your only problem.  Were your users actually able to
> logon?

Nope, and the ones that were got booted except for a fraction of them. 
If 1000 were connected, that would drop to maybe 100 -- collected via 
smbstatus.  However, the smbd processes would soar to 5000+ before I 
found it and would restart the services.

> 
> One of our customers ran into a problem that on the surface behaved like
> Bug 3204 with our customized build of 3.0.23b.  In this case, we were
> seeing millions of SID -> GID lookups being performed by winbind and the
> 200 SMBD -> WINBIND connection limit was being exceeded because each
> user authentication, with the necessary group membership lookups was
> taking too long.  
> 
> We were able to work around this problem by not loading winbind and
> letting our own NSS module resolve the group memberships - but of course
> then you run into the NSS Solaris group membership limits (only 16
> allowed).  
> 
> I was looking for this problem in your log, and although there was a
> fair amount of IDMAP related references, it did not appear to be the
> case that your users belonged to many groups; mostly the same SIDs were
> being resolved over and over.

Yeah, we have one main group and oddly enough ... that's the log file 
pointed out per our initial conversation (GACL).  I'll have to collect 
some stats on the lookups and network utilization.  How did you notice 
the number of SID->GID lookups?

> 
> We are currently targeting 3.0.26a for a new release with the hope that
> the improved IDMAP caching and bulk resolving functions will help, so we
> have a vested interest in making sure this problem is resolved :)

Going from 3.0.20b to 3.0.26a I noticed a definite improvement.  Samba 
services would start slowing down or pick and choose who could connect 
at around 900, and .26a brought that number up to 1100 -- then this...

> 
> I wonder if we can use the Samba 4 SMB torture to simulate the
> situation.
> 
> Dave Daugherty
> Centrify
> 
>> On Behalf Of Kevin Robinson
*snip*
> 

-- 
Kevin Robinson, B.Sc.
SysAdmin for University of Arkansas IT Services
(479)575-2901-office, (479)575-4753-fax
Never take life seriously.  Nobody gets out alive anyway.

01101011 01100101 01110110 01111001 00100000 01100100

