Samba4 high cpu load
Michael Wood
esiotrot at gmail.com
Wed May 9 02:29:23 MDT 2012
Hi
On 9 May 2012 10:21, steve <steve at steve-ss.com> wrote:
> On 09/05/12 04:02, Günter Kukkukk wrote:
[...]
>> i've contacted one of the gnutls developers (Nikos Mavrogiannopoulos).
>> He told me that when generating the Diffie-Hellman key, some (3.x.x)
>> versions used a very slow algorithm.
>> He recommends to use gnutls>= 3.0.9
>>
>> Opensuse 12.1 uses gnutls 3.0.3 atm.
>>
>> So i did a recent gnutls-3.0.19 build.
>>
>> With gnutls 3.0.19
>> time certtool --generate-dh-params --bits 1024
>> is now down to 1 - 2 seconds, compared to 3 - 5 minutes (!!!)
>> with former version 3.0.3 (from opensuse 12.1)
>>
>> Will contact the opensuse maintainers.
>>
>> Cheers, Günter
>
> Hi Günter
>
> Thanks again.
>
> Just compiled 3.0.19 on 12.1. Went OK after I installed libnettle;-) I have
> now removed the workaround from smb.conf:
> # tls enabled = No
> Can confirm the quick startup. 1 second as opposed to 5 minutes!
>
> I'm a little confused as when I went to uninstall 3.0.3 using Yast, I saw
> only libgnutls28-3.0.3 and libgnutls-devel-3.0.3 were installed. libgnutls28
> had over 100 dependants so I left that installed and removed only the devel
> package. gnutls-3.0.3 was not installed. Is that OK?
libgnutls28-3.0.3 looks like gnutls 3.0.3 to me. It should be fine to
uninstall the libgnutls-devel-3.0.3 package and leave
libgnutls28-3.0.3 installed. When you compile Samba it will compile
against your 3.0.19 version, since you don't have the 3.0.3 devel
package installed anymore, and when Samba runs it should also use the
3.0.19 version instead of the 3.0.3 version.
> BTW, just gone through a new S4 build with this configuration. All OK.
>
> Cheers,
> Steve
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list