[Samba] Unable to use more than 1000 concurrent ntlm_auth processes
Michael Hendrie
michael at hendrie.id.au
Sat Aug 18 20:55:56 MDT 2012
On 19/08/2012, at 9:04 AM, Michael Wood <esiotrot at gmail.com> wrote:
> Just a guess but maybe you have a limit of 1024 sockets/open files.
> Try increasing that and see if it makes a difference.
Thanks for your suggestion but unfortunately not the cause. I have set "ulimit -n" and and "ulimit -u" well in excess of what is being requested and confirmed these settings via /proc/pid/limits
>
> On 8/18/12, Michael Hendrie <michael at hendrie.id.au> wrote:
>> Hi List,
>>
>> I'm running a heavily loaded squid server that uses ntlm_auth to provide
>> NTLM authentication.
>>
>> As load has increased over time, I've found the need to increase the number
>> of ntlm_auth processes available to squid as well as the "winbind max
>> clients" value in the smb.conf file. This has worked well up until now but
>> seems I've hit some sort of limit.
>>
>> If I keep the number of ntlm_auth processes under 1000, all is good. Going
>> above continually produces the messages below in /var/log/messages and the
>> additional helpers unusable:
>>
>> Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.342283, 0]
>> utils/ntlm_auth.c:186(get_winbind_domain)
>> Aug 16 22:34:17 prox (ntlm_auth): could not obtain winbind domain name!
>> Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.345335, 0]
>> utils/ntlm_auth.c:186(get_winbind_domain)
>> Aug 16 22:34:17 prox (ntlm_auth): could not obtain winbind domain name!
>> Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.353230, 0]
>> utils/ntlm_auth.c:186(get_winbind_domain)
>> Aug 16 22:34:17 prox (ntlm_auth): could not obtain winbind domain name!
>> Aug 16 22:34:17 prox (ntlm_auth): [2012/08/16 22:34:17.358237, 0]
>> utils/ntlm_auth.c:186(get_winbind_domain)
>> Aug 16 22:34:17 prox (ntlm_auth): could not obtain winbind domain name!
>>
>> And with winbindd log level on 9, /var/log/samba/winbindd.log shows:
>>
>> [2012/08/16 22:33:42.352991, 6] winbindd/winbindd.c:768(new_connection)
>> accepted socket 1032
>> [2012/08/16 22:33:42.359183, 6] winbindd/winbindd.c:768(new_connection)
>> accepted socket 1036
>> [2012/08/16 22:37:59.337941, 2]
>> winbindd/winbindd.c:710(winbind_client_response_written)
>> Could not write response[14772:INTERFACE_VERSION] to client: Broken pipe
>> [2012/08/16 22:37:59.338755, 3]
>> winbindd/winbindd_misc.c:352(winbindd_interface_version)
>> [14607]: request interface version
>> [2012/08/16 22:37:59.339035, 2]
>> winbindd/winbindd.c:710(winbind_client_response_written)
>> Could not write response[14607:INTERFACE_VERSION] to client: Broken pipe
>> [2012/08/16 22:37:59.339319, 3]
>> winbindd/winbindd_misc.c:352(winbindd_interface_version)
>> [14777]: request interface version
>> [2012/08/16 22:37:59.339637, 2]
>> winbindd/winbindd.c:710(winbind_client_response_written)
>> Could not write response[14777:INTERFACE_VERSION] to client: Broken pipe
>> [2012/08/16 22:42:59.321236, 3]
>> winbindd/winbindd_misc.c:352(winbindd_interface_version)
>> [14363]: request interface version
>> [2012/08/16 22:42:59.321588, 2]
>> winbindd/winbindd.c:710(winbind_client_response_written)
>> Could not write response[14363:INTERFACE_VERSION] to client: Broken pipe
>>
>> Running distro supplied samba versions:
>>
>> samba3x.x86_64: 3.5.10-0.110.el5_8
>> samba3x-common.x86_64: 3.5.10-0.110.el5_8
>> samba3x-winbind.x86_64: 3.5.10-0.110.el5_8
>>
>> Does anyone have any suggestions on how to overcome this issue, I am happy
>> to compile from source if there are any options that could help?
>>
>> Thanks
>> Mick
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
> --
> Michael Wood <esiotrot at gmail.com>
More information about the samba
mailing list