[Samba] 3.0.25 Winbind high CPU usage
Jason Lanclos
jason at ldaf.state.la.us
Fri May 18 20:04:16 GMT 2007
Only other things running on this server are bind and apache(rarely
used).
This is our mail fileserver which is connected to a CoRaid.
I made the changes as you stated, and cpu usage went down some .. One
process is using about 35% and the other is at about 15%.
When I look on the domian controller I see LSASS.EXE running around
25-40%.
I'm courious as to why these entries are showing up:
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
[ 0]: getpwnam offiCeDirEcTOrIes
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
[ 0]: getpwnam OFFICeDirEctoriEs
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
[ 0]: getpwnam officEdiRECToRIes
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
[ 0]: getpwnam officediREcToRIEs
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
[ 0]: getpwnam OFFicedIREcToRies
[2007/05/18 14:38:52, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(346)
[ 0]: getpwnam OFfIcEDireCtoRiEs
OfficeDirectories is a Share.. Why is winbind running a getpwnam on a
Share name?
smb.conf :
-------------------------------
[global]
workgroup = WORKGROUP
netbios name = dataserver1
netbios aliases = imageserver webshare profiles
server string = ""
kernel oplocks = yes
printcap name = cups
load printers = no
printing = cups
cups options = raw
log file = /var/log/samba/smbd-%L.log
log level = 1 winbind:4
syslog = 0
max log size = 50
security = ads
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
IPTOS_LOWDELAY
socket options = TCP_NODELAY IPTOS_LOWDELAY
#deadtime = 90
interfaces = lo 10.11.50.1/16 10.10.50.1/16
remote announce = 10.11.255.255 10.10.255.255
local master = yes
os level = 65
domain master = yes
preferred master = yes
name resolve order = wins bcast
wins support = yes
wins proxy = yes
dns proxy = yes
idmap domains = WORKGROUP
idmap config WORKGROUP: default = yes
idmap config WORKGROUP: backend = rid
idmap config WORKGROUP: read_only = yes
idmap config WORKGROUP: range = 16777216-33554431
idmap alloc config: range = 16777216-33554431
idmap cache time = 1800
idmap negative cache time = 300
winbind offline logon = true
winbind nested groups = no
winbind enum users = no
winbind enum groups = no
winbind cache time = 900
template shell = /bin/bash
winbind use default domain = yes
password server = dc2.ldaf.state.la.us usershare.ldaf.state.la.us
print.ldaf.state.la.us agchem.ldaf.state.la.us *
realm = LDAF.STATE.LA.US
template homedir = /data/HomeDirectories/%U
dos filetimes = yes
fake directory create times = yes
dos filetime resolution = yes
veto oplock files = /*.pst/*.PST/
max disk size = 102400
enable privileges = yes
deadtime=480
read raw = yes
write raw = yes
max xmit = 65535
getwd cache = yes
include = /etc/samba/smb.conf.%i
# There are 3 virtual servers dataserver1 imageserver webshare
--------------------------------------------
smb.conf.10.11.50.1 (smb.conf.10.10.50.1 is symlinked to the same
file)
--------------------------------
[global]
interfaces = 10.11.50.1 10.10.50.1
bind interfaces only = yes
netbios name = dataserver1
server string =
winbind use default domain = yes
load printers = yes
#host dfs = yes
[root]
path = /data
browseable = no
writable = yes
map acl inherit = yes
valid users = @"WORKGROUP\Domain Admins"
admin users = @"WORKGROUP\Domain Admins"
#vfs object = vscan-clamav
#vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[exmail-backup]
copy = root
path = /data/SharedData/exmail-backup
[homes]
comment = Home Directories
browseable = no
writeable = yes
inherit acls = yes
#inherit owner = yes
inherit permissions = yes
map acl inherit = yes
root preexec = /etc/samba/setup_homedir %S
veto files = /.recycle/.webshare/.profile/
#vfs object = recycle full_audit vscan-clamav
vfs object = recycle full_audit
recycle:repository = .recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:touch_mtime = no
#recycle:exclude = *.tmp *.TMP *.temp ~*
full_audit:prefix = %m|%u|%S
full_audit:success = unlink rename mkdir pwrite rmdir
full_audit:failure = pwrite
#vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[webshare]
copy = homes
path = /data/HomeDirectories/%U/.webshare
root preexec = /etc/samba/setup_homedir %U
map acl inherit = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
printable = yes
writeable = no
[print$]
path = /data/SharedData/printdrivers
guest ok = yes
browseable = yes
write list = @"WORKGROUP\Domain Admins"
readonly = yes
[HomeDirectories]
comment = Home Directories
path = /data/HomeDirectories
writeable = yes
guest ok = no
veto files = /lost+found/jlanclos/k0268/
#acl group control = yes
map acl inherit = yes
valid users = @"WORKGROUP\MIS"
[OfficeDirectories]
comment = Long Term Data Storage
path = /data/SharedData/OfficeDirectories
map acl inherit = yes
ea support = yes
writeable = yes
guest ok = yes
admin users = @"WORKGROUP\Domain Admins"
inherit acls = yes
#inherit owner = yes
inherit permissions = yes
#acl group control = yes
dos filemode = yes
veto files = /.recycle/lost+found/
veto oplock files = /*.qbw*/*.QBW*/
#vfs object = recycle full_audit vscan-clamav
vfs object = recycle full_audit
recycle:repository = .recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:touch_mtime = no
full_audit:prefix = %m|%u|%S
full_audit:success = unlink rename mkdir pwrite rmdir
full_audit:failure = pwrite
#vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[Forms]
copy = OfficeDirectories
comment = Forms
path = /data/SharedData/Forms
[LDAFApps]
copy = OfficeDirectories
path = /data/SharedData/LDAFApps
comment = LDAF Applications
writeable = yes
guest ok = no
veto files = /lost+found/
[DocumentImaging]
copy = OfficeDirectories
comment = Document Imaging Application Images
path = /data/SharedData/DocumentImaging
writeable = yes
guest ok = no
[DFSShare]
copy = OfficeDirectories
comment =
path = /data/SharedData/DFS-Share
[Media]
copy = OfficeDirectories
comment = Executive PR
path = /data/SharedData/Media
writeable = yes
guest ok = yes
veto files = /lost+found/
[oldgdrive]
path = /data/SharedData/oldgdrive
writeable = yes
map acl inherit = yes
admin users = jlanclos, @"WORKGROUP\Domain Admins"
-------------------------------------------------------------
Thanks,
Jason
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Friday, May 18, 2007 12:07 PM
To: Jason Lanclos
Cc: samba at lists.samba.org
Subject: Re: [Samba] 3.0.25 Winbind high CPU usage
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jason Lanclos wrote:
> I just upgraded from 3.0.23d to 3.0.25 and I'm noticing that winbind
is
> chewing up a lot of CPU usage.
>
> There are always 2 winbindd processes and one uses about 80% cpu and
the
> other use 15% cpu.
>
> When I run a tcpdump and look at the traffic going to/from the domain
> controller winbindd is connected to, there is a constant flow of
> traffic.
>
>
> Here is the winbind setup from my smb.conf file:
>
> #idmap uid = 16777216-33554431
> #idmap gid = 16777216-33554431
> allow trusted domains = no
> #idmap backend = idmap_rid:WORKGROUP=16777216-33554431
> idmap alloc backend = tdb
>
> idmap domains = WORKGROUP
> idmap config WORKGROUP: default = yes
> idmap config WORKGROUP: backend = rid
> idmap config WORKGROUP: read_only = yes
> idmap config WORKGROUP: range = 16777216-33554431
> idmap alloc config: range = 16777216-33554431
>
> winbind offline logon = true
> winbind nested groups = no
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 900
First I would disable thwe winbindd enum users/group options.
Second, you might want to push the "idmap cache time" and
"idmap negative cache time" value up from their default values.
Finally, I have it on my TODO list to move the winbindd and
idmap cache managers into the main winbindd proces so we don't
have to cross process boundaries unless we actually hitting
the backend (i.e. xpired cache entries).
Can you give me a better idea of what is going on in smbd
and other applications running on the server?
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGTd1MIR7qMdg1EfYRAoJMAJ9Nye7WhjjOOklNJsVbTfGCBSSn9ACgsCeq
KgPypRDG/SoGuhyb0J1A1BA=
=oc5C
-----END PGP SIGNATURE-----
More information about the samba
mailing list