[PATCH] winbindd: control number of winbindd's client connections

Uri Simchoni urisimchoni at gmail.com
Wed Jun 3 00:12:06 MDT 2015


This patch handles a case we've encountered in which winbindd opened
client connections up to the process limit on open file descriptors.

It actually happened in the field with a samba 3.3.16-based NAS
appliance serving 200-300 SMB clients. Other factors that caused this
were:
- winbindd is contacting the DC for each session-setup (Bug 11259)
- serving the requests was slow because winbindd was reopening the
ldap connection for each request (Bug 11267 - already fixed)
- DNS misconfiguration on site made serving the requests even slower

However, the basic behavior is that the winbindd client limit is not a
hard limit and I've been able to reproduce it with latest master using
a specially-crafted program which opened multiple requests to
winbindd.

This patchset is divided into two parts:
- parts 1-4 modify winbindd to make the client limit a hard limit -
stop accepting new connections when the limit is reached and resume
accepting when possible.
- part 5 modifies the client side, removing the policy to retry up to
10 times if winbindd doesn't answer within 30 seconds (after
connection has been opened and request sent). This change prevent a
vicious cycle of piling more and more requests on winbindd if it is
already too busy. Instead the client timeout is increased to 300
seconds (30 seconds x 10), relying on winbindd to respond earlier with
a failure code according to "winbind request timeout".

Thanks,
Uri.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wbconns.patch
Type: application/octet-stream
Size: 14924 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150603/37f83754/attachment.obj>


More information about the samba-technical mailing list