[Samba] Samba authentication slow against PDC

Chris Snider chris.snider at tagtmi.com
Mon Jan 17 23:16:36 GMT 2005

Thanks for your reply.  

>How many clients do you have running against your server(s).
Just shy of 1000.  952 total clients.

> ever considered a BDC?
We do have a BDC although it doesn't take as much of a load off of our PDC
as I would like.  The PDC will run around 70% utilization during real busy
times, usually in the morning, while the BDC will be running around 30-40%.
People are still able to authenticate against the BDC and run their login
scripts from the BDC so I know it is working.  I was kicking around the idea
of having BDCs at each customer location however client authentication
doesn't seem to be the issue as much as our third samba server deciding if
the user has access to a share.

> What program is chewing up the most cpu when you're at 30%?
SMBD takes up 30% on the file server and SLAPD takes up to 70% on the PDC.
>How many distinct samba processes do you have going?
Didn't look on the file server but I know the PDC had 1200 LDAP connections
when it usually only has 200-500.  Once I rebooted the problematic Samba
server that number dropped to 170 or so.  I will check tomorrow and let you
know how many smbd processes I have running.

> Try dropping in with a console and seeing how well a command like getent
> passwd or getent group, or even an ls -alF responds.
When I run getent passwd from the problem file server it responds almost
immediately streaming user entries.  Same with getent group.  I can also do
id username and it returns information within 1 second.  A little slower
than if the PDC and Fileserver had no load on them but it wasn't painfully
slow.  I did notice that when I ran ls -al in /homes it took a real long
time(7 seconds) to display the directories.  I'm wondering if the samba
problem is because we have 1000 user home directories under /home.  I'm not
real familiar with the way Samba authenticates a user to access a share but
this could definitely be a problem.

> If it's slow then your LDAP link could be to blame.
Possibly, however our other 2 samba servers don't seem to have any issues
when the third one does.

>Make sure that you've got nscd running on your PDC.  
I didn't enable nscd since I've read nscd can chew up system resources and
cause stability issues.  Since we are having stability issues anyway I'll
enable it and let you know Tuesday if that made a difference.

I'll keep working on it and let you know if I find anything.


More information about the samba mailing list