Run away number of smbd children
Dave Daugherty
dave.daugherty at centrify.com
Mon Oct 15 19:23:41 GMT 2007
On Behalf Of Kevin Robinson
Sent: Monday, October 15, 2007 6:04 AM
> Replies below, and thanks!
> > Dave Daugherty wrote:
> > Kevin:
> >
> > I know what you mean... and although that problem is serious, I am
not
> > convinced it's your only problem. Were your users actually able to
> logon?
> Nope, and the ones that were got booted except for a fraction of them.
> If 1000 were connected, that would drop to maybe 100 -- collected via
> smbstatus. However, the smbd processes would soar to 5000+ before I
> found it and would restart the services.
Then maybe the underlying problem was the machine account password
getting out of wack. Authentications may backup if Samba is having
problems authenticating with the domain controller using its machine
account.
Did anyone by chance reset the computer account password in AD using
ADUC?
> Yea, we have one main group and oddly enough ... that's the log file
> pointed our per our initial conversation (GACL). I'll have to collect
> some stats on the look ups and network utilization. How did you
notice
> the number of SID->GID lookups?
I was looking at the winbindd-idmap log file timestamps and could see
bursts of lookups over time, with some idle times interspersed in
between. This is not unusual as when a user authenticates, SMBD must
look up the groups that user belongs to for authorization purposes. It
gets these groups in the form of SIDs and must translate these to GIDs.
Once the groups are resolved to GIDs, SMBD caches this information in a
user authentication structure so it does not have to look up the info
again each time the user accesses a file or directory.
*snip*
Dave Daugherty
More information about the samba-technical
mailing list