login failures and system load

green at UMDNJ.EDU green at UMDNJ.EDU
Wed Aug 19 18:00:52 GMT 1998 

First, I _do_ believe Samba is better than sliced bread (hey - you can't
get fat by using too much Samba :), and I have enormous admiration
and gratitude for the Samba Team. (Okay, no, I haven't sent any pizza
vouchers...)

But, I've got a problem (what else is new?)

Win 95 clients in our public labs/classrooms are experiencing failed
logins for good accounts and occasional failures to run the logon
script.

Samba 1.9.18.p8, on HPUX 10.20 (HP 9000/887's), Win 95 (OSR2) with the
plain password registry hack (so, no encrypted passwords, using
/etc/passwd).  Everyone with required authentication uses the same logon
script, which only mounts the home directory and a shared directory,
runs "net time", and then "regedit /s" to stuff the campus domain
into the registry.  At the moment, we're not downloading profiles;
everyone should get the same settings, which we've set using poledit on
the local drive.  I suppose I should put a config.pol on the server, but
that's for later.

No big deal, right?

So why does our load shoot way up when we have more than a couple of
people logged in, and why is it that when a classroom of people login at
the same time (10 - 20 users), system load can go to 14+, and logins
will fail ("bad or missing password", even though it's not).  I've
already trimmed two shares from mounting in the logon script, hoping
that would cut down on the time to login and the resources required by
Samba.  Apparently that doesn't help us at login.  I'm told (I wasn't
watching), there's a spike in the system load at login, which I'd
expect to be cumulative with a classroom full of simultaneous logins.

Bottom line?

What exactly is going on in the login authentication, and what can we
tune to mitigate it?  Our guess is that there's a timing- or
load-related process here, but I dont' have a clue at this point.  If
there was something we could tune to reduce the hit on system load,
*that* would be spectacular.

As we're going through orientation for this year's incoming classes,
we're getting hammered on this.  <sigh>  For those of you who've gone
this route, you'll understand why I'm unhappy about my boss asking me
why we shifted from LM/X to Samba ("LM/X never tanked like this")...

One more question (yeah, right):  I've been getting an enormous number
of these messages in syslog.log and samba/var/log.smb:
"Aug 19 11:56:31 rwja smbd[27931]: Getwd failed, errno Permission denied"

Why?

I hate trudging through lengthy smb.conf's, but here's one of ours, if
it's any help:

(Notes: 
-I've just remmed out getwd cache - it's been set true up till now
-we have -DGUEST_SESSSETUP=1 in Makefile, to permit cross-domain logins
 to mount public shares
)

<---smb.conf begins--->
[global]
   printing = hpux
   guest account = lmguest
   workgroup = PISCATAWAY
   local master = yes
   preferred master = yes
   domain master = yes
   os level = 34
   mangled map = (*;1 *)
   message command = csh -c 'write %s; rm %s' &
   netbios name = RWJA-LM
   server string = Samba %v on %h
   lock directory = /products/samba/var/locks
   share modes = yes
   security = user
   smbrun = /products/samba/bin/smbrun
   preserve case = yes
   short preserve case = yes
   admin users = 
   client code page = 437
   lppause command = /usr/bin/lpalt %p-%j -p0
   lpresume command = /usr/bin/lpalt %p-%j -p2
   lpq command = /usr/bin/lpstat -o%p
   lprm command = /usr/bin/cancel %p-%j
   print command = /products/samba/bin/print.cmd %s %p %u %m %I %T
   time server = True
   unix realname = yes
   dead time = 15
   domain logons = yes
   logon script = acs.bat
   wins support = yes
   wins proxy = yes
   hosts allow = 130.219., 24.3.161.40
   remote announce = 
   remote browse sync = 
;****** performance tweaks
;   getwd cache = true
   read prediction = true
   debug level = 1
;****** this should monitor connection status with periodic ACKs
;****** it's supposed to detect and close lost connections
   socket options = SO_KEEPALIVE TCP_NODELAY
   write raw = no

[homes]
   comment = Home Directory of %U
   browseable = no
   read only = no
   create mode = 0750
   preexec=/bin/sh -c 'echo C: User %U as service %S on %m \(%I\):: >> /products/samba/var/logs/%m; date >> /products/samba/var/logs/%m'&
   postexec=/bin/sh -c 'echo X: User %U as service %S on %m \(%I\):: >> /products/samba/var/logs/%m; date >> /products/samba/var/logs/%m'&
   alternate permissions = yes
   guest ok = no


[netlogon]
   comment = lan logon scripts share
   path = /products/samba/netlogon
   browseable = no
   writeable = no
   guest ok = no
   locking = no
   hosts allow = 130.219.

[dostmp]
   comment = Temporary file space
   path = /tmp
   writeable = yes
   browseable = no
   guest ok = yes
   hosts allow = 130.219.

[files]
   comment = ACS Shared applications
   path = /lan_files/lmx_dos_files
   writeable = yes
   guest ok = yes
   include = /products/samba/lib/pisc.allow

[classes]
   comment = ACS Didactic applications
   path = /lan_files/lmx_dos_files/umd_classes
   guest ok = yes
   include = /products/samba/lib/pisc.allow

[cdrom]
   comment = CDROM mounted on rwja
   path = /cdrom
   read only = yes
   writeable = no
   fake oplocks = yes
   public = no
   hosts allow = 130.219.

[pcrdist]
   comment = PC rdist tree - images, dst files, and program
   path = /work1/green/pcrdist
   read only = no
   guest ok = yes
   writeable = yes
   browseable = no
   locking = yes
   share modes = yes
   oplocks = yes
   hosts allow = 130.219.

[ljpoff2]
   comment = ACS Office Laserjet III in SB-11
   path = /tmp
   printer = ljpoff2
   writeable = no
   printable = yes
   guest ok = yes

[laserlab]
   comment = ACS lab Laserjet 4 in N-217
   path = /tmp
   printer = laserlab
   writeable = no
   printable = yes
   guest ok = yes

[laserlb2]
   comment = ACS lab Laserjet 4 in N-217
   path = /tmp
   printer = laserlab2
   writeable = no
   printable = yes
   guest ok = yes

[lp]
   comment = ACS lab Lineprinter in N-217
   path = /tmp
   printer = lp
   writeable = no
   printable = yes
   guest ok = yes

[lpmeb]
   comment = ACS lab Lineprinter in New Brunswick
   path = /tmp
   printer = lpmeb
   writeable = no
   printable = yes
   guest ok = yes

[lasermeb]
   comment = ACS lab Laserjet III in New Brunswick
   path = /tmp
   printer = laser2meb
   writeable = no
   printable = yes
   guest ok = yes

[cpplab1]
   comment = ACS Tektronix Phaser 140 in N-217
   path = /tmp
   printer = cpplab1
   writeable = no
   printable = yes
   guest ok = yes

[cpplab2]
   comment = ACS Tektronix Phaser 140 in N-217
   path = /tmp
   printer = cpplab2
   writeable = no
   printable = yes
   guest ok = yes

[cpnblib1]
   comment = ACS Tektronix Phaser 140 in New Brunswick
   path = /tmp
   printer = cpnblib1
   writeable = no
   printable = yes
   guest ok = yes

[djplab]
   comment = ACS HP DesignJet in N-217
   path = /tmp
   printer = djplab
   writeable = no
   printable = yes
   guest ok = yes
<---smb.conf ends--->

c
-- 
Clifford Green               Internet -  green at umdnj.edu
Academic Computing Services     voice -     732-235-5250
UMDNJ-IST                         fax -     732-235-5252
Keep interested in your own career, however humble; it is a real possession in the changing fortunes of time.

More information about the samba mailing list