[Samba] HUGE delays during logon time

éric le hénaff eric.le.henaff at ens.fr
Wed Feb 16 07:47:36 MST 2011 

Hello list

i recently replaced (1st of january) our old samba server 
(debian+samba3.0.14a) to a new one (debian squeeze+samba3.5.6).
we now have HUGE delays during logon time, up to 8 minutes. The client 
and servers seems to do nothing during that time.

This afternoon, i tried to logon to a workstation. Here is the log.
in log.ul_102:
[2011/02/16 14:53:31.267254,  1] smbd/service.c:1070(make_connection_snum)
   ul_102 (::ffff:129.199.59.66) connect to service profiles initially 
as user *** (uid=1416, gid=513) (pid 2644)
[2011/02/16 15:26:45.286766,  1] smbd/service.c:1251(close_cnum)
   ul_102 (::ffff:129.199.59.66) closed connection to service profiles
[2011/02/16 15:26:45.319614,  1] smbd/service.c:1070(make_connection_snum)
   ul_102 (::ffff:129.199.59.66) connect to service netlogon initially 
as user *** (uid=1416, gid=513) (pid 2644)
[2011/02/16 15:26:48.103532,  1] smbd/service.c:1070(make_connection_snum)
   ul_102 (::ffff:129.199.59.66) connect to service users initially as 
user *** (uid=0, gid=513) (pid 2644)

So it took 33 minutes !!!
It seems it's getting worse.

Is it a known problem ? Anybody else encountered it ?
Is there a way to correct the problem ?

The first connection to service profiles failed. It restarted 33 minutes 
later and succeeded.
The problem may come from service profiles. We have roaming profiles and 
have problems with them. But i think that if the profiles where 
misconfigured, it should'nt work at all, should it?

Thanks for any suggestions or solutions.


here is my smb.conf :

#======================= Paramètres globaux =======================
[global]
## Browsing/Identification ###

workgroup = ***
netbios name = ***
server string = %h

## PDC
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = Yes

dns proxy = no
wins support = yes

#### Debugging/Accounting ####
# c'est à dire le log

log file = /var/log/samba/log.%m
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 1

########## Authentification ##########
#

security = user

# met à jour le mdp ldap en plus du mdp win
# utile pour les applis qui s'authentifient sur le ldap comme cotation
ldap passwd sync = Yes

# LDAP
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=ens,dc=fr
ldap suffix = dc=ens,dc=fr
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers

ldap ssl = off

add machine script = /usr/sbin/smbldap-useradd -w "%u"
# j'ai lu qu'il fallait -W pour les win7 ; à vérifier
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'

#### Impression ####

load printers = yes

printing = cups
printcap name = cups

# printer admin = "@Domain Admins"

#### Divers ####

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819

# j'aime pas les oplocks!! alors j'enlève
use sendfile = no
oplocks = no
level2 oplocks = no

# Serveur de temps (net time \\serveur /set /y)
time server = yes

map acl inherit = yes

#======================= Définitions des partages =======================

### Partages des utilisateurs

[profiles]
  path = /shares/profiles
  read only = no
  create mask = 0600
# create mask = 0640
  directory mask = 0700
# directory mask = 0750
  browseable = No
  guest ok = Yes
  profile acls = yes
  csc policy = disable
  # next line is a great way to secure the profiles
  force user = %U
  # next line allows administrator to access all profiles
  valid users = %U @"Domain Admins"
admin users = ***

[users]
path = /shares/users
read only = No
directory mode = 0770
create mode = 0770
admin users = "@Domain Admins"

[groups]
path = /shares/groups
read only = No

# pour les repertoires
directory mode = 0750

# pour les fichiers
create mode = 0740

admin users = "@Domain Admins"

vfs object = recycle
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = yes
recycle:repository = .recycle/%U
recycle:exclude = *#
recycle:minsize = 1

### partages du systèmes

[netlogon]
   comment = Network Logon Service
   path = /shares/netlogon
   read only = No
   browsable = No

[printers]
    comment = All Printers
    browseable = no
    path = /tmp
    printable = yes
    browseable = no

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no
    valid users = "@Domain Admins" @"Print Operators"
    write list =  "@Domain Admins" @"Print Operators"
    create mask = 0664
    directory mask = 0775

### petits partages utiles aux informaticiens

[scripts]
    comment = scripts partagés
    path = /shares/scripts
    read only = no
    admin users = "@Domain Admins"

[wpkg]
    comment = wpkg
    path = /shares/wpkg
    valid users = "@Domain Admins"
    read only = no
(END)



-- 
Éric LE HÉNAFF
École normale supérieure de Paris, rue d'ulm - RUBENS
Informaticien, Ingénieur développements et systèmes auprès du Réseau des 
bibliothèques de l'ENS

Préférez firefox! http://www.mozilla-europe.org/fr/

SVP, évitez de m'envoyer des attachements au format Word, Excel ou 
PowerPoint.
Préférez les formats rtf, csv, html ou pdf au lieu des formats word et 
excel.
Voir http://www.gnu.org/philosophy/no-word-attachments.fr.html pour plus
d'explications.

More information about the samba mailing list