[Samba] winbind trouble under load?

J. Rönnblom samba at skola.skelleftea.se
Tue Oct 1 15:23:01 GMT 2002 

I forgot to mention that I "connect" winbind to the W2K DC not as an
anonymous
account but with a normal user account. I use the

wbinfo -A user%password

abartlet at samba.org skriver:
>testparm now (2.2.6pre2) has an option to only display non-default
>values.  That makes it easier to figure out what you have actually
>changed...

[global]
        workgroup = SKOLA
        server string = Trustix Samba Server
        interfaces = br0
        security = DOMAIN
        encrypt passwords = Yes
        password server = *
        log level = 0
        log file = /var/log/samba/log.%I
        name resolve order = wins host lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        os level = 32
        preferred master = True
        domain master = False
        wins server = 193.180.x.y
        winbind uid = 10000-40000
        winbind gid = 10000-40000
        template homedir = /dev/null
        winbind enum users = No
        winbind enum groups = No
        printer admin = @"SKOLA\Support",@"SKOLA\Administrators"
>
>I would avoid the exec on open, just becouse I see Win2k doing a *lot*
>of tree connects/disconnects.  I would instead suggest using
>pam_mkhomdir (or a modified varient) becouse they occour per session,
>not per tree.

It is only for testing so I don't give much about speed now, on to get it
working. I'll look into the pam_mkhomedir later.
>
>> -------------------
>> 
>> Error on W2K DC
>> 
>> Event Type:     Error
>> Event Source:   Srv
>> Event Category: None
>> Event ID:       2006
>> Date:           2002-09-30
>> Time:           12:28:58
>> User:           N/A
>> Computer:       DC01
>> Description:
>> The server received an incorrectly formatted request from \\193.180.x.y
>> Data:
>> 0000: 00 00 34 00 02 00 7c 00   ..4...|.
>> 0008: 00 00 00 00 d6 07 00 c0   ....Ö..À
>> 0010: 00 00 00 00 01 20 98 c0   ..... ?À
>> 0018: 00 00 00 00 00 00 00 00   ........
>> 0020: 00 00 00 00 00 00 00 00   ........
>> 0028: b3 06 00 00 ff 53 4d 42   ³...ÿSMB
>> 0030: 25 00 00 00 00 08 01 c0   %......À
>> 0038: 00 00 00 00 00 00 00 00   ........
>> 0040: 00 00 00 00 00 d0 6d 38   .....Ðm8
>> 0048: 02 50 01 00 10 00 00 48   .P.....H
>> 0050: 00 00 00 48 00 00 00 00   ...H....
>> 0058: 00 00 00 00               ....
>
>Now *this* is interesting.  I've only heard of it once, and it was not
>reproducable.  Can you reproduce this error, and try to get a packet
>sniff of it?  I would be interested to see what it actually is.

Can't reproduce it. I have a few of these every week in my log files,
both from this server (2.2.6cvs) and the other samba servers (2.2.5).

I'll examine the logs and see if I can find anything that happend at the
same time.
>
>> 
>> [2002/10/01 13:21:50, 0] smbd/sec_ctx.c:initialise_groups(244)
>>   Unable to initgroups. Error was Input/output error
>> 
>> The logs are full of those message. However I think the are due to
>> the fact that I have winbind enum groups = no in /etc/samba/smb.conf
>
>That should not be.  That error is probably somthing else...

Yes, could it be this:

[print$]
        path = /samba/printers
        write list = @"SKOLA\Support" @"SKOLA\Administrators"
        guest ok = Yes

root at xx-proxy /var/log/samba# testparm | grep guest
        map to guest = Never
        domain guest group =
        guest account = nobody
        guest only = No
        guest ok = No
        guest ok = Yes

When the computer/user tries to connect to the share as a guest it fails
since the guest account (nobody) is not allowed to use samba?

OR could the fact that im using a normal account to connect to w2k
account for the errors? (wbinfo -A user%pass)
>
>In any case, one course of action might be (assuming you are running an
>Active Directory setup) to move to Samba 3.0.  If the Win2k clients get
>kerberos credentials, then Samba doesn't need to contact the DC at all
>for authenticaion.  (It might need to contact it for other things
>however, but these can be cached too)  Also, Samba 3.0 uses an LDAP
>client on AD, which I suspect will cope much better with 10000 users.  
>
>Samba 3.0 also has a 'dual deamon' mode where it can opearate out of
>it's cache while waiting for new answers from the DC, which might help
>avoid a blocking winbind call backloging the entire system.
>
>Finally, Samba 3.0 has *much* better error reporting, so you might get a
>meaningful error message too!

But isn't samba 3.0 in alpha or beta? Is it really recommended/safe to run
it in production?

More information about the samba mailing list