login failures and system load
green at UMDNJ.EDU
green at UMDNJ.EDU
Wed Aug 19 18:00:52 GMT 1998
First, I _do_ believe Samba is better than sliced bread (hey - you can't
get fat by using too much Samba :), and I have enormous admiration
and gratitude for the Samba Team. (Okay, no, I haven't sent any pizza
vouchers...)
But, I've got a problem (what else is new?)
Win 95 clients in our public labs/classrooms are experiencing failed
logins for good accounts and occasional failures to run the logon
script.
Samba 1.9.18.p8, on HPUX 10.20 (HP 9000/887's), Win 95 (OSR2) with the
plain password registry hack (so, no encrypted passwords, using
/etc/passwd). Everyone with required authentication uses the same logon
script, which only mounts the home directory and a shared directory,
runs "net time", and then "regedit /s" to stuff the campus domain
into the registry. At the moment, we're not downloading profiles;
everyone should get the same settings, which we've set using poledit on
the local drive. I suppose I should put a config.pol on the server, but
that's for later.
No big deal, right?
So why does our load shoot way up when we have more than a couple of
people logged in, and why is it that when a classroom of people login at
the same time (10 - 20 users), system load can go to 14+, and logins
will fail ("bad or missing password", even though it's not). I've
already trimmed two shares from mounting in the logon script, hoping
that would cut down on the time to login and the resources required by
Samba. Apparently that doesn't help us at login. I'm told (I wasn't
watching), there's a spike in the system load at login, which I'd
expect to be cumulative with a classroom full of simultaneous logins.
Bottom line?
What exactly is going on in the login authentication, and what can we
tune to mitigate it? Our guess is that there's a timing- or
load-related process here, but I dont' have a clue at this point. If
there was something we could tune to reduce the hit on system load,
*that* would be spectacular.
As we're going through orientation for this year's incoming classes,
we're getting hammered on this. <sigh> For those of you who've gone
this route, you'll understand why I'm unhappy about my boss asking me
why we shifted from LM/X to Samba ("LM/X never tanked like this")...
One more question (yeah, right): I've been getting an enormous number
of these messages in syslog.log and samba/var/log.smb:
"Aug 19 11:56:31 rwja smbd[27931]: Getwd failed, errno Permission denied"
Why?
I hate trudging through lengthy smb.conf's, but here's one of ours, if
it's any help:
(Notes:
-I've just remmed out getwd cache - it's been set true up till now
-we have -DGUEST_SESSSETUP=1 in Makefile, to permit cross-domain logins
to mount public shares
)
<---smb.conf begins--->
[global]
printing = hpux
guest account = lmguest
workgroup = PISCATAWAY
local master = yes
preferred master = yes
domain master = yes
os level = 34
mangled map = (*;1 *)
message command = csh -c 'write %s; rm %s' &
netbios name = RWJA-LM
server string = Samba %v on %h
lock directory = /products/samba/var/locks
share modes = yes
security = user
smbrun = /products/samba/bin/smbrun
preserve case = yes
short preserve case = yes
admin users =
client code page = 437
lppause command = /usr/bin/lpalt %p-%j -p0
lpresume command = /usr/bin/lpalt %p-%j -p2
lpq command = /usr/bin/lpstat -o%p
lprm command = /usr/bin/cancel %p-%j
print command = /products/samba/bin/print.cmd %s %p %u %m %I %T
time server = True
unix realname = yes
dead time = 15
domain logons = yes
logon script = acs.bat
wins support = yes
wins proxy = yes
hosts allow = 130.219., 24.3.161.40
remote announce =
remote browse sync =
;****** performance tweaks
; getwd cache = true
read prediction = true
debug level = 1
;****** this should monitor connection status with periodic ACKs
;****** it's supposed to detect and close lost connections
socket options = SO_KEEPALIVE TCP_NODELAY
write raw = no
[homes]
comment = Home Directory of %U
browseable = no
read only = no
create mode = 0750
preexec=/bin/sh -c 'echo C: User %U as service %S on %m \(%I\):: >> /products/samba/var/logs/%m; date >> /products/samba/var/logs/%m'&
postexec=/bin/sh -c 'echo X: User %U as service %S on %m \(%I\):: >> /products/samba/var/logs/%m; date >> /products/samba/var/logs/%m'&
alternate permissions = yes
guest ok = no
[netlogon]
comment = lan logon scripts share
path = /products/samba/netlogon
browseable = no
writeable = no
guest ok = no
locking = no
hosts allow = 130.219.
[dostmp]
comment = Temporary file space
path = /tmp
writeable = yes
browseable = no
guest ok = yes
hosts allow = 130.219.
[files]
comment = ACS Shared applications
path = /lan_files/lmx_dos_files
writeable = yes
guest ok = yes
include = /products/samba/lib/pisc.allow
[classes]
comment = ACS Didactic applications
path = /lan_files/lmx_dos_files/umd_classes
guest ok = yes
include = /products/samba/lib/pisc.allow
[cdrom]
comment = CDROM mounted on rwja
path = /cdrom
read only = yes
writeable = no
fake oplocks = yes
public = no
hosts allow = 130.219.
[pcrdist]
comment = PC rdist tree - images, dst files, and program
path = /work1/green/pcrdist
read only = no
guest ok = yes
writeable = yes
browseable = no
locking = yes
share modes = yes
oplocks = yes
hosts allow = 130.219.
[ljpoff2]
comment = ACS Office Laserjet III in SB-11
path = /tmp
printer = ljpoff2
writeable = no
printable = yes
guest ok = yes
[laserlab]
comment = ACS lab Laserjet 4 in N-217
path = /tmp
printer = laserlab
writeable = no
printable = yes
guest ok = yes
[laserlb2]
comment = ACS lab Laserjet 4 in N-217
path = /tmp
printer = laserlab2
writeable = no
printable = yes
guest ok = yes
[lp]
comment = ACS lab Lineprinter in N-217
path = /tmp
printer = lp
writeable = no
printable = yes
guest ok = yes
[lpmeb]
comment = ACS lab Lineprinter in New Brunswick
path = /tmp
printer = lpmeb
writeable = no
printable = yes
guest ok = yes
[lasermeb]
comment = ACS lab Laserjet III in New Brunswick
path = /tmp
printer = laser2meb
writeable = no
printable = yes
guest ok = yes
[cpplab1]
comment = ACS Tektronix Phaser 140 in N-217
path = /tmp
printer = cpplab1
writeable = no
printable = yes
guest ok = yes
[cpplab2]
comment = ACS Tektronix Phaser 140 in N-217
path = /tmp
printer = cpplab2
writeable = no
printable = yes
guest ok = yes
[cpnblib1]
comment = ACS Tektronix Phaser 140 in New Brunswick
path = /tmp
printer = cpnblib1
writeable = no
printable = yes
guest ok = yes
[djplab]
comment = ACS HP DesignJet in N-217
path = /tmp
printer = djplab
writeable = no
printable = yes
guest ok = yes
<---smb.conf ends--->
c
--
Clifford Green Internet - green at umdnj.edu
Academic Computing Services voice - 732-235-5250
UMDNJ-IST fax - 732-235-5252
Keep interested in your own career, however humble; it is a real possession in the changing fortunes of time.
More information about the samba
mailing list