[Samba] Overloaded samba server. Is it a bug?

Andrew Bartlett abartlet at samba.org
Sat Oct 29 02:14:51 GMT 2005 

On Thu, 2005-10-27 at 03:12 -0300, Martin Scandroli wrote:
> Experts,

> The implementation of this feature produced some other problems (we've
> found workarrounds but i'll comment them just to provide some feedback).
> 
>         1) The samba server used to die seconds after it was started. 
> Something about the nobody user and it's primary group prevented it from
> working in a proper manner. We solved this inconvinient by adding de
> user
> nobody and it's corresponding primary group to the backend.

Yep, this is a known requirement for that feature.  I'm not sure it
should die, but it can't work without all the accounts it will deal with
in LDAP.  (Otherwise we have to use the slower method, which is why you
turned this on in the first place).

> 2) Root user was no longer recognized, (we still trying to figure out
> why, the user's been added to the tree, but nothing changed) so we used
> the
> new role based administration provided by samba 3 as a workarround 
> (SeMachinAccount...), and no more troubles about it.

Yep.

> 
> 
>         3)THIS ISSUE IS KILLING US!!!!!!!
> 
> Something happens in a determined moment of the day (rush hour).
> Everything is running smoothly (0.3 - 0.4 of load average) when the load
> start to grow indefinitely!!!!!!. It raises from 0.3 to 50 in a matter
> of
> seconds!, and it keeps growing till the server dies. We couldn't find
> the
> reason of this, but it happens in a two hors interval. Before and after
> this
> interval, there are no errors of any kind.
> 
>         I'll paste some log errors (just the ones i saw). I don't think 
> they're the cause of our problems, buy you're the experts.
> 
> Any clue? do you need me to gather some kind of information? any DoS
> bug reported for this samba version?

My guess is this:  Your LDAP server is getting backed up because of a
bug, perhaps invoving a lock in the database.  Then Samba processes
start backing up, trying to access LDAP, which is wedged.  They keep
hammering at the ldap server in the backoff pattern, then fail (causing
the client to try again).

Because the questions are not being answered, the load goes though the
roof, and this causes the LDAP sever more pain.

One option is to separate your LDAP server from your samba server, and
have more than one LDAP server available per Samba server.  This allows
Samba to use the other server, with the local one recovers (assuming
some short-term lock).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051029/8a6c68d7/attachment.bin

More information about the samba mailing list