[Samba] Excessive traffic causing slow logons

Trimble, Ronald D Ronald.Trimble at unisys.com
Thu May 4 14:21:18 GMT 2006


I am seeing some extremely slow logons to my SUSE servers.  All are
configured exactly the same.  When I attempt to log on, I can enter my
domain (AD) account without any problems.  I then enter my password and
sit and wait for several minutes until it eventually takes me to my
desktop.  In attempting to debug the problem, we have been able to see
millions of calls to the domain controller.  They all look similar to
this...

 

16:19:31.943556 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 6096:6369(273) ack 7014 win 16080
<nop,nop,timestamp 89505560 7529129>

16:19:31.944886 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: P 7014:7391(377) ack 6369 win
64170 <nop,nop,timestamp 7529129 89505560>

16:19:31.945122 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 6369:6647(278) ack 7391 win 16080
<nop,nop,timestamp 89505561 7529129>

16:19:31.946500 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: P 7391:7778(387) ack 6647 win
65535 <nop,nop,timestamp 7529129 89505561>

16:19:31.946733 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 6647:6919(272) ack 7778 win 16080
<nop,nop,timestamp 89505563 7529129>

16:19:31.948064 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: P 7778:8152(374) ack 6919 win
65263 <nop,nop,timestamp 7529129 89505563>

16:19:31.948298 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 6919:7194(275) ack 8152 win 16080
<nop,nop,timestamp 89505565 7529129>

16:19:31.949678 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: P 8152:8532(380) ack 7194 win
64988 <nop,nop,timestamp 7529129 89505565>

16:19:31.949913 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 7194:7466(272) ack 8532 win 16080
<nop,nop,timestamp 89505566 7529129>

16:19:31.951244 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: P 8532:8905(373) ack 7466 win
64716 <nop,nop,timestamp 7529129 89505566>

16:19:31.951478 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 7466:7729(263) ack 8905 win 16080
<nop,nop,timestamp 89505568 7529129>

16:19:31.953003 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: P 8905:9186(281) ack 7729 win
64453 <nop,nop,timestamp 7529129 89505568>

16:19:31.953098 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: P 7729:7736(7) ack 9186 win 16080
<nop,nop,timestamp 89505569 7529129>

16:19:31.953117 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: F 7736:7736(0) ack 9186 win 16080
<nop,nop,timestamp 89505569 7529129>

16:19:31.953252 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40696 >
ustr-nadc1.na.uis.unisys.com.ldap: S 1051543388:1051543388(0) win 5840
<mss 1460,sackOK,timestamp 89505570 0,nop,wscale 0>

16:19:31.953592 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: . ack 7737 win 64446
<nop,nop,timestamp 7529129 89505569>

16:19:31.954376 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695: F 9186:9186(0) ack 7737 win 64446
<nop,nop,timestamp 7529129 89505569>

16:19:31.954391 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40695 >
ustr-nadc1.na.uis.unisys.com.ldap: . ack 9187 win 16080
<nop,nop,timestamp 89505571 7529129>

16:19:31.954817 IP ustr-nadc1.na.uis.unisys.com.ldap >
USTR-MINT-A-2.NA.UIS.UNISYS.COM.40696: S 702706062:702706062(0) ack
1051543389 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0
0,nop,nop,sackOK>

16:19:31.954830 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40696 >
ustr-nadc1.na.uis.unisys.com.ldap: . ack 1 win 5840 <nop,nop,timestamp
89505571 0>

16:19:31.954959 IP USTR-MINT-A-2.NA.UIS.UNISYS.COM.40696 >
ustr-nadc1.na.uis.unisys.com.ldap: P 1:91(90) ack 1 win 5840
<nop,nop,timestamp 89505571 0>

 

As you can imagine, we see millions of these over the 4 to 5 minutes it
takes to log on.  On the Windows side, the domain controller does not
report any errors in the logs.  

 

I have turned the debug level of winbind up to 10 and have some very
extensive logs showing what is going on.  Unfortunately, I cannot
interpret all of this myself.  Can anyone help me with this issue?  This
issue is very quickly making us think twice about continuing to use
Samba.

 

Thanks,

Ron

 

 



More information about the samba mailing list