[Samba] 3.0.25 Winbind high CPU usage

Jason Lanclos jason at ldaf.state.la.us
Fri May 18 20:04:16 GMT 2007


Only other things running on this server are bind and apache(rarely
used).
This is our mail fileserver which is connected to a CoRaid.



I made the changes as you stated, and cpu usage went down some ..  One
process is using about 35% and the other is at about 15%.

When I look on the domian controller I see LSASS.EXE running around
25-40%.



I'm courious as to why these entries are showing up:

[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [    0]: getpwnam offiCeDirEcTOrIes
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [    0]: getpwnam OFFICeDirEctoriEs
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [    0]: getpwnam officEdiRECToRIes
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [    0]: getpwnam officediREcToRIEs
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [    0]: getpwnam OFFicedIREcToRies
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
  [    0]: getpwnam OFfIcEDireCtoRiEs


OfficeDirectories is a Share..  Why is winbind running a getpwnam on a
Share name?



smb.conf :
-------------------------------

[global]
   workgroup = WORKGROUP
   netbios name = dataserver1
   netbios aliases = imageserver webshare profiles
   server string = ""
   kernel oplocks = yes
        printcap name = cups
        load printers = no
        printing = cups
        cups options = raw
   log file = /var/log/samba/smbd-%L.log
   log level = 1 winbind:4
   syslog = 0
   max log size = 50
   security = ads
        #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
IPTOS_LOWDELAY
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        #deadtime = 90
        interfaces = lo 10.11.50.1/16 10.10.50.1/16
   remote announce = 10.11.255.255 10.10.255.255
   local master = yes
  os level = 65
   domain master = yes
   preferred master = yes
    name resolve order = wins bcast
   wins support = yes
   wins proxy = yes
   dns proxy = yes
   idmap domains = WORKGROUP
   idmap config WORKGROUP: default =    yes
   idmap config WORKGROUP: backend =    rid
   idmap config WORKGROUP: read_only = yes
   idmap config WORKGROUP: range = 16777216-33554431
   idmap alloc config: range = 16777216-33554431
   idmap cache time = 1800
   idmap negative cache time = 300
   winbind offline logon = true
   winbind nested groups = no
   winbind enum users = no
   winbind enum groups = no
   winbind cache time = 900
   template shell = /bin/bash
   winbind use default domain = yes
   password server = dc2.ldaf.state.la.us usershare.ldaf.state.la.us
print.ldaf.state.la.us agchem.ldaf.state.la.us *
   realm = LDAF.STATE.LA.US
   template homedir = /data/HomeDirectories/%U

   dos filetimes = yes
   fake directory create times = yes
   dos filetime resolution = yes
   veto oplock files = /*.pst/*.PST/
   max disk size = 102400
   enable privileges = yes
   deadtime=480

   read raw  = yes
   write raw = yes
   max xmit = 65535
   getwd cache = yes

  include = /etc/samba/smb.conf.%i
  # There are 3 virtual servers  dataserver1  imageserver webshare
--------------------------------------------



smb.conf.10.11.50.1   (smb.conf.10.10.50.1 is symlinked to the same
file)
--------------------------------
[global]
        interfaces = 10.11.50.1 10.10.50.1
        bind interfaces only = yes
        netbios name = dataserver1
        server string =
   winbind use default domain = yes
        load printers = yes
        #host dfs = yes
[root]
        path = /data
        browseable = no
        writable = yes
        map acl inherit = yes
        valid users = @"WORKGROUP\Domain Admins"
        admin users = @"WORKGROUP\Domain Admins"
        #vfs object = vscan-clamav
        #vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[exmail-backup]
        copy = root
        path = /data/SharedData/exmail-backup
[homes]
        comment = Home Directories
        browseable = no
        writeable = yes
        inherit acls = yes
        #inherit owner = yes
        inherit permissions = yes
        map acl inherit = yes
        root preexec = /etc/samba/setup_homedir %S
        veto files = /.recycle/.webshare/.profile/
        #vfs object = recycle full_audit vscan-clamav
        vfs object = recycle full_audit
        recycle:repository = .recycle
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:touch = yes
        recycle:touch_mtime = no
        #recycle:exclude = *.tmp *.TMP *.temp ~*
        full_audit:prefix = %m|%u|%S
        full_audit:success = unlink rename mkdir pwrite rmdir
        full_audit:failure = pwrite
        #vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[webshare]
        copy = homes
        path = /data/HomeDirectories/%U/.webshare
        root preexec = /etc/samba/setup_homedir %U
        map acl inherit = yes



[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        printable = yes
        writeable = no

[print$]
        path = /data/SharedData/printdrivers
        guest ok = yes
        browseable = yes
        write list = @"WORKGROUP\Domain Admins"
        readonly = yes
[HomeDirectories]
        comment = Home Directories
        path = /data/HomeDirectories
        writeable = yes
        guest ok = no
        veto files = /lost+found/jlanclos/k0268/
        #acl group control = yes
        map acl inherit = yes
        valid users = @"WORKGROUP\MIS"

[OfficeDirectories]
        comment = Long Term Data Storage
        path = /data/SharedData/OfficeDirectories
        map acl inherit = yes
        ea support = yes
        writeable = yes
        guest ok = yes
        admin users = @"WORKGROUP\Domain Admins"
        inherit acls = yes
        #inherit owner = yes
        inherit permissions = yes
        #acl group control = yes
        dos filemode = yes
        veto files = /.recycle/lost+found/
        veto oplock files = /*.qbw*/*.QBW*/
        #vfs object = recycle full_audit vscan-clamav
        vfs object = recycle full_audit
        recycle:repository = .recycle
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:touch = yes
        recycle:touch_mtime = no
        full_audit:prefix = %m|%u|%S
        full_audit:success = unlink  rename mkdir pwrite rmdir
        full_audit:failure = pwrite
        #vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[Forms]
        copy = OfficeDirectories
        comment = Forms
        path = /data/SharedData/Forms
[LDAFApps]
        copy = OfficeDirectories
        path = /data/SharedData/LDAFApps
        comment = LDAF Applications
        writeable = yes
        guest ok = no
        veto files = /lost+found/
[DocumentImaging]
        copy = OfficeDirectories
        comment = Document Imaging Application Images
        path = /data/SharedData/DocumentImaging
        writeable = yes
        guest ok = no
[DFSShare]
        copy = OfficeDirectories
        comment =
        path = /data/SharedData/DFS-Share

[Media]
        copy = OfficeDirectories
        comment = Executive PR
        path = /data/SharedData/Media
        writeable = yes
        guest ok = yes
        veto files = /lost+found/
[oldgdrive]
        path = /data/SharedData/oldgdrive
        writeable = yes
        map acl inherit = yes
        admin users = jlanclos, @"WORKGROUP\Domain Admins"
-------------------------------------------------------------




Thanks,

Jason





-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
Sent: Friday, May 18, 2007 12:07 PM
To: Jason Lanclos
Cc: samba at lists.samba.org
Subject: Re: [Samba] 3.0.25 Winbind high CPU usage

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Lanclos wrote:
> I just upgraded from 3.0.23d to 3.0.25 and I'm noticing that winbind
is
> chewing up a lot of CPU usage.
> 
> There are always 2 winbindd processes and one uses about 80% cpu and
the
> other use 15% cpu.
> 
> When I run a tcpdump and look at the traffic going to/from the domain
> controller winbindd is connected to, there is a constant flow of
> traffic.
> 
> 
> Here is the winbind setup from my smb.conf file:
> 
>    #idmap uid = 16777216-33554431
>    #idmap gid = 16777216-33554431
>    allow trusted domains = no
>    #idmap backend = idmap_rid:WORKGROUP=16777216-33554431
>    idmap alloc backend = tdb
> 
>    idmap domains = WORKGROUP
>    idmap config WORKGROUP: default =    yes
>    idmap config WORKGROUP: backend =    rid
>    idmap config WORKGROUP: read_only = yes
>    idmap config WORKGROUP: range = 16777216-33554431
>    idmap alloc config: range = 16777216-33554431
> 
>    winbind offline logon = true
>    winbind nested groups = no
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind cache time = 900

First I would disable thwe winbindd enum users/group options.
Second, you might want to push the "idmap cache time" and
"idmap negative cache time" value up from their default values.

Finally, I have it on my TODO list to move the winbindd and
idmap cache managers into the main winbindd proces so we don't
have to cross process boundaries unless we actually hitting
the backend (i.e. xpired cache entries).

Can you give me a better idea of what is going on in smbd
and other applications running on the server?






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGTd1MIR7qMdg1EfYRAoJMAJ9Nye7WhjjOOklNJsVbTfGCBSSn9ACgsCeq
KgPypRDG/SoGuhyb0J1A1BA=
=oc5C
-----END PGP SIGNATURE-----




More information about the samba mailing list