Samba4 high cpu load

steve steve at steve-ss.com
Sat May 12 15:38:24 MDT 2012


On 05/09/2012 10:29 AM, Michael Wood wrote:
> Hi
>
> On 9 May 2012 10:21, steve<steve at steve-ss.com>  wrote:
>> On 09/05/12 04:02, Günter Kukkukk wrote:
> [...]
>>> i've contacted one of the gnutls developers (Nikos Mavrogiannopoulos).
>>> He told me that when generating the Diffie-Hellman key, some (3.x.x)
>>> versions used a very slow algorithm.
>>> He recommends to use gnutls>= 3.0.9
>>>
>>> Opensuse 12.1 uses gnutls 3.0.3 atm.
>>>
>>> So i did a recent gnutls-3.0.19 build.
>>>
>>> With gnutls 3.0.19
>>>     time certtool --generate-dh-params --bits 1024
>>> is now down to 1 - 2 seconds, compared to 3 - 5 minutes (!!!)
>>> with former version 3.0.3 (from opensuse 12.1)
>>>
>>> Will contact the opensuse maintainers.
>>>
>>> Cheers, Günter
>>
>>
>> Thanks again.
>>
>> Just compiled 3.0.19 on 12.1. Went OK after I installed libnettle;-) I have
>> now removed the workaround from smb.conf:
>> #       tls enabled = No
>> Can confirm the quick startup. 1 second as opposed to 5 minutes!
>>
>> I'm a little confused as when I went to uninstall 3.0.3 using Yast, I saw
>> only libgnutls28-3.0.3 and libgnutls-devel-3.0.3 were installed. libgnutls28
>> had over 100 dependants so I left that installed and removed only the devel
>> package. gnutls-3.0.3 was not installed. Is that OK?
>
Hi Günter

Would you mind If I posted to the openSUSE list quoting this thread so that we can get the latest gnutls in the forthcoming 12.2 release?

Cheers,
Steve




More information about the samba-technical mailing list