[Samba] Samba 3.4 authentication suddenly very slow.
dkrause at optivus.com
Wed Jan 4 18:18:11 MST 2012
Some additional info, I'm starting to believe that this is caused by an MS patch that was applied to our AD servers.
I've unarchived the original VMWare image of the test linux installation that we used to verify that 2008r2 AD and Samba would work with win7 clients, it behaves exactly the same way.
From windows, run \\test7 and it immediately returns the full list of available shares, however, click on a share, and it takes more than 1 full minute before access is granted.
Then, I set up a new VM, this time used Cent 6.2, with samba 3.5. Configured, joined the domain, etc.
net ads testjoin works, wbinfo works, kinit works, everything checks out, but this case, the problem is worse.
running \\test12 immediately brings up a list of all shares, attempting to click on any causes the > 1 min what, but then access is denied.
Odd, the logs appear to say that access is granted.
[2012/01/04 16:14:40.004734, 3] lib/access.c:392(check_access)
check_access: no hostnames in host allow/deny list.
[2012/01/04 16:14:40.004933, 2] lib/access.c:409(check_access)
Allowed connection from (::ffff:172.24.143.3)
[2012/01/04 16:14:40.004981, 10] smbd/share_access.c:238(user_ok_token)
user_ok_token: share scully is ok for unix user dkrause
But win7 says that access is denied.
Losing my hair here…
On Jan 4, 2012, at 11:00 AM, Don Krause wrote:
> After a scheduled power outage, with all hosts cleanly shut down, I'm having a bad performance issue on my samba server.
> This configuration has worked well for over a year, but after the power outage, attempting to access any share takes over a minute.
> net ads testjoin is fine,
> wbinfo -u and wbinfo -g returns the correct information.
> The shares CAN be accessed, once accessed, read and write performance is fine.
> The problem is the initial access. I can do \\filehost from the windows box, and it immediately returns a folder showing all shares. Clicking on any share however, pauses for more than a minute, before allowing access.
> Prior to the power outage, typing \\filehost in the Windows "run" box would pop up an auto complete with all available shares, it does not do that now.
> I'm stuck on where to look next. I have the log level set to 10 in my smb.conf file.
> Clients are mixed Win7 and XP, AD is 2008R2, Samba is 3.4.0 on Ubuntu.
>> From smb.conf:
> workgroup = OPTIVUS
> realm = OPTIVUS.COM
> security = ADS
> password server = optad.optivus.com
> log level = 10
> log file = /var/log/samba/%m.log
> max log size = 50
> unix extensions = No
> template shell = /bin/bash
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> hosts allow = 188.8.131.52/16, 172.24.0.0/16
> Don Krause
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Head Systems Geek,
Waver of Deceased Chickens.
Optivus Proton Therapy, Inc.
P.O. Box 608
Loma Linda, California 92354
dkrause at optivus.com
"This message represents the official view of the voices in my head."
More information about the samba