[Samba] Unable to use more than 1000 concurrent ntlm_auth processes

Michael Hendrie michael at hendrie.id.au
Sat Aug 18 07:33:08 MDT 2012


Hi List,

I'm running a heavily loaded squid server that uses ntlm_auth to provide NTLM authentication.

As load has increased over time, I've found the need to increase the number of ntlm_auth processes available to squid as well as the "winbind max clients" value in the smb.conf file.  This has worked well up until now but seems I've hit some sort of limit.

If I keep the number of ntlm_auth processes under 1000, all is good.  Going above continually produces the messages below in /var/log/messages and the additional helpers unusable:

Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.342283,  0] utils/ntlm_auth.c:186(get_winbind_domain) 
Aug 16 22:34:17 prox (ntlm_auth):   could not obtain winbind domain name! 
Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.345335,  0] utils/ntlm_auth.c:186(get_winbind_domain) 
Aug 16 22:34:17 prox (ntlm_auth):   could not obtain winbind domain name! 
Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.353230,  0] utils/ntlm_auth.c:186(get_winbind_domain) 
Aug 16 22:34:17 prox (ntlm_auth):   could not obtain winbind domain name! 
Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.358237,  0] utils/ntlm_auth.c:186(get_winbind_domain) 
Aug 16 22:34:17 prox (ntlm_auth):   could not obtain winbind domain name!

And with winbindd log level on 9, /var/log/samba/winbindd.log shows:

[2012/08/16 22:33:42.352991,  6] winbindd/winbindd.c:768(new_connection)
  accepted socket 1032
[2012/08/16 22:33:42.359183,  6] winbindd/winbindd.c:768(new_connection)
  accepted socket 1036
[2012/08/16 22:37:59.337941,  2] winbindd/winbindd.c:710(winbind_client_response_written)
  Could not write response[14772:INTERFACE_VERSION] to client: Broken pipe
[2012/08/16 22:37:59.338755,  3] winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [14607]: request interface version
[2012/08/16 22:37:59.339035,  2] winbindd/winbindd.c:710(winbind_client_response_written)
  Could not write response[14607:INTERFACE_VERSION] to client: Broken pipe
[2012/08/16 22:37:59.339319,  3] winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [14777]: request interface version
[2012/08/16 22:37:59.339637,  2] winbindd/winbindd.c:710(winbind_client_response_written)
  Could not write response[14777:INTERFACE_VERSION] to client: Broken pipe
[2012/08/16 22:42:59.321236,  3] winbindd/winbindd_misc.c:352(winbindd_interface_version)
  [14363]: request interface version
[2012/08/16 22:42:59.321588,  2] winbindd/winbindd.c:710(winbind_client_response_written)
  Could not write response[14363:INTERFACE_VERSION] to client: Broken pipe

Running distro supplied samba versions:

samba3x.x86_64:  3.5.10-0.110.el5_8
samba3x-common.x86_64:  3.5.10-0.110.el5_8
samba3x-winbind.x86_64:  3.5.10-0.110.el5_8

Does anyone have any suggestions on how to overcome this issue, I am happy to compile from source if there are any options that could help?

Thanks
Mick




More information about the samba mailing list