[Samba] Overloaded samba server. Is it a bug?
Martin Scandroli
masc at intraredes.com
Fri Oct 28 18:40:28 GMT 2005
> I am running Suse 9.2 Pro in a corporate environment with 3.0.14a and
> it
> works great.
> Just my 0.02...
Well, when Samba is running before the load begins to rise, it's around
0.50 (with aproximately 1000 users logued in and 500 in high activity)
> If you truly think this is a samba problem try a different version to
> either replicate the issue or to have it point to a different piece of
> the
> puzzle. What is your complete config?
We are using the Samba 3.0.20b because we need a new feature included in
this version. (SeTakeOwnerShipPrivilege) We haven't been able to use
root user as administrator of extended file system ACLs because the
ldapsam:trusted is preventing us from using it.
(NT_STATUS_UNSUCCESSFUL)
> You said the load went sky high in a matter of seconds...do you see
> which
> process is running wild (smbd, nmbd, winbindd...).
We've done an strace to the partent process of all smbds (it follows all
the forks) and we didn't see nothing relevant.
Here is our smb.conf, and winbindd is not being used.
srvsmb02:~ # cat /etc/samba/smb.conf
[global]
workgroup = DOMAIN
passdb backend = ldapsam:ldap://10.10.6.130
netbios name = SRVSMBFS
netbios aliases = SRVSMBPS
ldap admin dn = cn=admin,o=domain
ldap suffix = ou=ar,o=domain
ldap group suffix = ou=grupos_openldap
ldap machine suffix = ou=maquinas
ldap timeout = 20000
idmap backend = ldap:ldap://10.10.6.130
idmap uid = 10000-40000
idmap gid = 10000-40000
unix charset = ISO8859-15
add machine script = /usr/local/sbin/smbldap-useradd -w %u
domain logons = yes
domain master = yes
local master = yes
show add printer wizard = no
bind interfaces only = yes
interfaces = 10.10.6.75/24
username level = 15
username map = /etc/samba/smbusers
ldapsam:trusted = yes
preferred master = yes
ldap ssl = no
wins support = yes
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path =
logon home = \\%L\%U\.9xprofile
logon drive = H:
os level = 255
log level = 3
socket options = IPTOS_LOWDELAY TCP_NODELAY
cups server = 10.10.6.78
veto files =
/*.eml/*.nws/riched20.dll/*.{*}/aquota.user/aquota.group/.msprofile/lost+found/
hide files = /aquota.user/aquota.group/.msprofile/
enable privileges = yes
acl group control = yes
logon script = ARRANQUE.BAT
inherit owner = yes
inherit acls = yes
disable spoolss = yes
log file = /var/log/samba/machines/log.%m
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = no
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[netlogon]
comment = netlogon service
path = /var/lib/samba/netlogon
browseable = no
guest ok = ..................... Continue....
-------8<-----------8<------------
Thanks for your interest,
Martín
>
> -----Original Message-----
> From: samba-bounces+mjbarber=hearst.com at lists.samba.org
> [mailto:samba-bounces+mjbarber=hearst.com at lists.samba.org] On Behalf
> Of
> merle at gardenfreshcorp.com
> Sent: Friday, October 28, 2005 12:48 PM
> To: masc at intraredes.com
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Overloaded samba server. Is it a bug?
>
> First of all, why run SuSe when CentOS is free, runs faster and is
> more up
> to date? I have basically the same setup you have except our system is
> a
> quad xeon system and CentOS runs flawlessly 24/7. We used to
> experiment
> with SuSe but it is not good for a corporate environment.
> Just a heads up as I have been doing this for 17 years and CentOS is
> the
> cream of the crop for the money.
>
> Martin Scandroli wrote:
>
> >Experts,
> >
> >We've just migrated from samba 2.2.8a to samba 3.0.20b in a very
> >large
> >corporate environment. Everything was really fine in our lab, but we
> >began experiment serious load problems on the productive servers the
> >morning after the procedure took place. I'll try (briefly) to
> >describe
> >the characteristics of the scenario:
> >
> >Resources:
> >
> >Old Environment:
> >
> > Hardware:
> > Dell PowerEdge 2650
> > Intel Xeon Processor
> > 2 GB Ram
> >Raid 5 (via perc raid controller) on 10k scsi disks
> > Software:
> > SuSE Linux Enterprise Server 8
> > Samba 2.2.8a Servers
> > cups printing service
> >openldap2 as backend (with replicas all over the country, about 3000
> >objects in the tree)
> > HeartBeat as high availability Service
> >
> >Everything was charming here!!!!!!
> >
> >
> >New Environment
> >
> > Hardware:
> > Dell PowerEdge 2850 Servers
> >2 Intel Xeon 3.2 GHz (HT i think... i see 4 of them) Processors
> > 4 GB Ram
> >Raid 5 (via Perc raid controller) on 15k scsi disks
> >
> > Software
> > SuSE Linux Enterprise Server 9
> > Samba 3.0.20b Servers
> > cups printing service
> >Novell eDirectory 8.7.3.4 as backend (Very distributed too, about
> >4000
> >objects in the tree)
> > HeartBeat as high availability Service drbd to keep
> >samba configuracion replicated among the cluster nodes.
> >
> >Problems we're having (or had, just as a usefull comment):
> >
> >eDirectory turned out to be much slower than openldap2 when
> >responding
> >to nss_ldap queries (i mean.... about 7 or 8 times slower!!!!) so
> >queries asking for members of large groups (i.e: groups with about
> >1500
> >users and
> >above) were usually terminated with an RPC timeout
> >
> >Everything started to work when we added the ldapsam:trusted=yes
> >parameter. It dramatically reduced the response times and affected
> >queries began to work.
> >The implementation of this feature produced some other problems
> >(we've
> >found workarrounds but i'll comment them just to provide some
> >feedback).
> >
> > 1) The samba server used to die seconds after it was started.
> >Something about the nobody user and it's primary group prevented it
> >from working in a proper manner. We solved this inconvinient by
> >adding
> >de user nobody and it's corresponding primary group to the backend.
> >2) Root user was no longer recognized, (we still trying to figure out
> >why, the user's been added to the tree, but nothing changed) so we
> >used
> >the new role based administration provided by samba 3 as a
> >workarround
> >(SeMachinAccount...), and no more troubles about it.
> >
> >
> >
> > 3)THIS ISSUE IS KILLING US!!!!!!!
> >
> >Something happens in a determined moment of the day (rush hour).
> >Everything is running smoothly (0.3 - 0.4 of load average) when the
> >load start to grow indefinitely!!!!!!. It raises from 0.3 to 50 in a
> >matter of seconds!, and it keeps growing till the server dies. We
> >couldn't find the reason of this, but it happens in a two hors
> >interval. Before and after this interval, there are no errors of any
> >kind.
> >
> > I'll paste some log errors (just the ones i saw). I don't think
> >they're the cause of our problems, buy you're the experts.
> >
> >Any clue? do you need me to gather some kind of information? any DoS
> >bug reported for this samba version?
> >
> > Any help will be highly appreciated
> >
> >Regards,
> >Martin
> >
> >--
> >
> > from /var/log/messages
> >
> > Oct 25 04:34:15 srvsmb01 smbd[2961]: [2005/10/25 04:34:15, 0]
> >lib/util_sock.c:send_smb(762)
> > Oct 25 04:34:15 srvsmb01 smbd[2961]: Error writing 4 bytes to
> >client. -1. (Connection reset by peer)
> > Oct 25 04:40:36 srvsmb01 smbd[2983]: [2005/10/25 04:40:36, 0]
> >lib/util_sock.c:get_peer_addr(1222)
> >Oct 25 04:40:36 srvsmb01 smbd[2983]: getpeername failed. Error was
> >Transport endpoint is not connected
> > Oct 25 04:40:36 srvsmb01 smbd[2983]: [2005/10/25 04:40:36, 0]
> >lib/util_sock.c:write_data(554)
> >Oct 25 04:40:36 srvsmb01 smbd[2983]: write_data: write failure in
> >writing to client 167.252.104.98. Error Connection reset
> > by peer
> >
> > (this happens very often)
> >
> > From /var/log/samba/log.nmbd
> >
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:01, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >tdb(unnamed): tdb_open_ex: /var/lib/samba/unexpected.tdb (2059,2959)
> >is
> >already open in this process
> > [2005/10/26 04:17:02, 2] tdb/tdbutil.c:tdb_log(767)
> >
> > from /var/log/samba/log.smbd
> >
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:28, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 1 try!
> > [2005/10/25 01:29:29, 0] lib/smbldap.c:smbldap_open(822)
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:29, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 2 try!
> > [2005/10/25 01:29:29, 2] smbd/close.c:close_normal_file(270)
> >cmqtbe4 closed file Planta/TPM/Envasado/Linea4/LLENADORA/Merma Linea
> >4.xls (numopen=0)
> > [2005/10/25 01:29:29, 2] smbd/open.c:open_file(372)
> >CMQTBE4 opened file Planta/TPM/Envasado/Linea4/LLENADORA/Merma Linea
> >4.xls read=No write=Yes (numopen=1)
> > [2005/10/25 01:29:29, 2] smbd/close.c:close_normal_file(270)
> >cmqtbe4 closed file Planta/TPM/Envasado/Linea4/LLENADORA/Merma Linea
> >4.xls (numopen=0)
> > [2005/10/25 01:29:30, 0] lib/smbldap.c:smbldap_open(822)
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:30, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 3 try!
> > [2005/10/25 01:29:31, 0] lib/smbldap.c:smbldap_open(822)
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:31, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 4 try!
> > [2005/10/25 01:29:32, 2]
> >rpc_server/srv_spoolss_nt.c:find_printer_index_by_hnd(270)
> > find_printer_index_by_hnd: Printer handle not found:
> >_spoolss_writeprinter: Invalid handle (OTHER:15976:11737)
> > [2005/10/25 01:29:32, 0] lib/smbldap.c:smbldap_open(822)
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:32, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 5 try!
> > [2005/10/25 01:29:33, 0] lib/smbldap.c:smbldap_open(822)
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:33, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 6 try!
> >[2005/10/25 01:29:34, 2] smbd/sesssetup.c:setup_new_vc_session(704)
> >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> >all old resources.
> >[2005/10/25 01:29:34, 2] smbd/sesssetup.c:setup_new_vc_session(704)
> >setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> >all old resources.
> > [2005/10/25 01:29:34, 0] lib/smbldap.c:smbldap_open(822)
> > smbldap_open: cannot access LDAP when not root..
> > [2005/10/25 01:29:34, 1] lib/smbldap.c:another_ldap_try(951)
> > Connection to LDAP server failed for the 7 try!
> >
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list