[Samba] Samba Slow for Shared App.

eric eric at pozicom.net
Wed Apr 9 22:51:38 GMT 2008

Hi List:

My setup:


I have an application that is a Win32 app.  We share the application on a
Samba server.  The application has 3 DLLs that it opens and uses code from.

Originally we were running a 2.x version of Samba and all users had local
accounts.  Samba was not acting in a domain controller role.  Users had both
Linux accounts as well as Samba accounts.  In this configuration, things ran
fine for years.  On this particular network, we have about 60 workstations
running our software off the Samba share.

Recently, we moved to the setup I list above including setting up Samba to
be a domain controller ( security=user ).  No Linux local accounts are used
and all user credentials are stored in LDAP.  File access is very fast!  No
complaints there.

The situation that arises is this:
When roughly 20 or so users logon and fire up our software, the software
begins to pause.  The share in question is the [erppro] share in my smb.conf
file.  Our software is basically an accounting software package and it has
many screens where user input is prompted.  So there are lots of Text Boxes
with blinking cursors.  During my investigation of our software "pausing", I
noticed that even the cursor would stop blinking for roughly 3-4 seconds and
start blinking again.  We are running the exact same version and
configuration of software as before the upgrade to this configuration and
version of samba.

The problem gets worst as more users connect and use our software.  On a
test machine, I copied all the EXE and DLL files up to the local hard disk
and the problem went away.

My assumption so far is that many users opening the DLL files associated
with our application is somehow causing the problem.

I tried fiddling with the following parameters without any noticeable
difference no matter what I do except in the case of the socket options.
The setting you see below, commented out, causes file copying to/from the
samba server to run much faster than if I put the setting back in.  

;oplocks = false
;level2oplocks = false
;socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

Anyone else running into similar issues?

Any thoughts or suggestions welcome!


My SMB.CONF (Note some lines are commented out) 

        interfaces = eth0 lo
        bind interfaces only = yes

## NetBIOS Names
        netbios name = dc1
        workgroup = myworkgroup
        comment = [Samba %v :: PDC]

## Operational Mode (PDC - Primary Domain Controller)
        os level = 65
        security = user
        encrypt passwords = yes
        domain logons = yes
        preferred master = yes
        domain master = yes
        local master = yes
        lm announce = no
        disable netbios = no
        guest account = nobody
        deadtime = 15
        name resolve order = wins lmhosts host bcast

        ; dns proxy tells nmbd when acting as a WINS server and finding that
a NetBIOS name has not been
        ; registered, should treat the NetBIOS name word-for-word as a DNS
name and do a lookup with the
        ; DNS server for that name on behalf of the name-querying client.
        dns proxy = yes

        ; time server nmbd to advertise itself as a time source to windows
        time server = yes

        ;Also needed when using ACL
        wins support = Yes

## LDAP Settings
        passdb backend = ldapsam:ldap://
        ldap suffix = dc=myworkgroup,dc=corp
        ldap admin dn = uid=root,dc=myworkgroup,dc=corp
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap group suffix = ou=Groups
        ldap delete dn = yes
        ldap passwd sync = yes
        ldap ssl = no

        ; The following parameters to assist in adding/deleting
users/machines from a client.
        ; Note: That using these peramaters that refrence the smbldap-tools
means you install samba ldap tools
        ; NOTE2:  the add machine script uses a -t 15 value which needs to
be larger than the 
        ;         the negative time to live values in /etc/nscd.conf !
        add user script = /usr/local/pozix/samba/bin/smbldap-useradd -m -s
/bin/false "%u"
        add machine script = /usr/local/pozix/samba/bin/smbldap-useradd -w
-t 15 -s /bin/false -d /dev/null -g 515 "%u"
        add group script = /usr/local/pozix/samba/bin/smbldap-groupadd -p
        add user to group script =
/usr/local/pozix/samba/bin/smbldap-groupmod -m "%u" "%g"
        delete user from group script =
/usr/local/pozix/samba/bin/smbldap-groupmod -x "%u" "%g"
        set primary group script =
/usr/local/pozix/samba/bin/smbldap-usermod -g "%g" "%u"

        log level = 1

        directory mask = 0750
        hide dot files = yes
        hide unreadable = yes
        hide files = /desktop.ini/
        ;veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        ;veto files = /*.eml/*.nws/*.{*}/
        ;veto oplock files = /*.doc/*.xls/*.mdb/
        ;oplocks = false
        ;level2oplocks = false
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        create mask = 0644
        ;socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

## VIRUS SCANNING -- causing problems in the global section because its
scanning printers
        ;vfs object = vscan-clamav
        ;vscan-clamav: config-file =
        ;vfs object = vscan-oav
        ;vscan-oav: config-file = /usr/local/pozix/samba/lib/vscan-oav.conf

        ; Location of user's home directory and where it should be mounted
        logon drive = Z:
        logon script = scripts\login.bat
        ; logon path is path for roaming profiles
        logon path = \\%L\profiles\%U
        ; logon home is for Win9x clients
        logon home = \\%L\%U

## PRINTING Section Global Settings 
        ; if you want your own defined print commands to work 
        ; with a Samba that has CUPS support compiled in, simply use
printing = sysv
        printing = cups
        printcap name = cups
        ; note: the /etc/printcap was a work around to get the printer to
show up 
        ; under windows.  I eventually was able to comment it out in favor
of the 
        ; line above, printcap name = cups, after discovering that cupsd
only works
        ; with utf-8 character sets.  So I had to set the Linux OS locale to
        ; and after doing that, things started working!  This is not
documented very well
        ; if at all.  CUPS documentation talks about UTF8 dependency but it
does not talk
        ; about how it affects samba here nor do the samba documents mention
        ; -- Eric Mayo, Pozicom Technologies, Inc.
        ;printcap name = /etc/printcap
        ;cups options = raw
        load printers = Yes
        show add printer wizard = Yes
        max print jobs = 100
        lpq cache time = 100
        ;disable spoolss = no
        max reported print jobs = 1000

## PRINTERS -- This section gets applied to every printer found in cups
(load printers = yes).
        comment = All Network Printers
        printable = yes
        path = /var/smbshares/spool
        guest ok = yes
        public = yes
        read only = yes
        create mode = 0777
        browseable = no
        use client driver = no

## Win2K, WinXP Print Clients
        comment = Printer Driver Downloads
        path = /var/smbshares/prndrivers
        browseable = yes
        guest ok = no
        read only = yes
        create mask = 0664
        directory mask = 0775
        valid users = @"Domain Users",@"Print Operators",@"Domain
        write list =  @"Print Operators",@"Domain Admins",administrator,root

        path = /var/smbshares/netlogon
        comment = Network Logon Service
        guest ok = yes
        browseable = no
        locking  = no
        write list = @"Domain Admins",Administrator
        case sensitive = no
        ;vfs object = recycle
        ;recycle: config-files = /etc/samba/samba-recycle.conf

        path = /var/smbshares/profiles
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = no
        guest ok = yes
        ;profile acls = yes
        ;csc policy = disable
        # great way to secure profiles
        ;force user = %U
        # allow administrator to access all profiles
        valid users = %U
        ;nt acl support = no
        ;default case = lower
        ;short preserve case = no
        ;case sensitive = no

        path = /var/smbshares/profdata
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = no
        guest ok = no
        ;vfs object = vscan-clamav
        ;vscan-clamav: config-file =

        comment = Private Documents of %U
        path = /var/smbshares/homes/%U
        writeable = yes
        read only = no
        create mask = 0644
        directory mask = 0775
        browseable = no
        valid users = %S
        locking = no
        root preexec = /usr/local/pozix/samba/bin/mkhomes.sh %U
        ;vfs object = vscan-clamav
        ;vscan-clamav: config-file =
        ;vfs object = recycle 
        ;recycle: config-files = /etc/samba/samba-recycle.conf
        ;vfs object = recycle vscan-clamav
        ;vscan-clamav: config-file = /etc/samba/samba-vscan-clamav.conf

        comment = Public Share 
        path = /var/smbshares/public
        create mask = 0660
        directory mask = 0770
        force user = everyone
        ;force group = @"Domain Users"
        browseable = yes
        writeable = yes
        read only = no
        write list = @"Domain Users", @"Domain Admins"
        valid users = @"Domain Users", @"Domain Admins"
        ;vfs object = vscan-clamav
        ;vscan-clamav: config-file =

        comment = ERP PRO
        path = /var/smbshares/winbjcs
        browseable = yes
        writeable = yes
        read only = no

        comment = Software
        path = /var/smbshares/software
        browseable = yes
        writeable = yes
        read only = no
        write list = @"Domain Admins"
        valid users = @"Domain Users", @"Domain Admins"

        comment = Lanier Scans
        path = /var/smbshares/scans
        browseable = yes
        writeable = yes
        read only = no
        create mask = 0660
        directory mask = 0770
        write list = @"Domain Users", @"Domain Admins"
        valid users = @"Domain Users", @"Domain Admins"

Eric Mayo
Pozicom Technologies, Inc.

More information about the samba mailing list