[Samba] Samba 4.1.0 & ACL performance problem?

Christian Stüllenberg sambaml at condor-edv.com
Mon Oct 28 05:59:22 MDT 2013

Hello all,

I've encountered a performance problem and cannot find a solution to
this. My searches in the archives or on google does not bring a light to
me, so I would like to ask you, what I am doing wrong or what I missed.

The problem arises running on samba-4.1.0 compiled from source under
Ubuntu Lucid with kernel version 2.6.32-38.

I want to copy a million of small files (mostly under 100k) from a
win2003 machine to samba with robocopy.exe preserving their acls. samba
has joined the domain as "secondary" domain controller with "samba-tool
domain join samdom.example.com DC ...".  Everything works as expected (I
assume) but performance while coping file acls is poor (about max. 3
files a second).  Coping without acl preservation gives the performance
I expected at a rate about at least 10 times faster.

The performance problem does not arise while serving the shares with
samba-3.4.7 (acting as member server "only"). Their the performance
impact is only around 30%-40% (but in this scenario robocopy.exe does
not work as expected: only creates empty folders without files in it;
this is another issue which should not be part of this post).

Storage-backend for both samba versions is a fc-san attached with 2
qlogic dual-controller, lvm to stripe across several san disks and a
mounted ext4 filesystem:
/dev/mapper/data-vol01 on /srv/share01 type ext4

I've attached both smb.conf versions.  Maybe someone can give me a hint
what I could do about or where to start searching to narrow the problem.

Thanks in advance,
kind regards
Christian Stüllenberg
-------------- next part --------------
        workgroup = SAMDOM
        realm = samdom.example.com
        netbios name = FILESERVER
        server role = active directory domain controller
        map to guest = Bad User
        unix extensions = false
        write cache size = 2097152
        use sendfile = true
        path = /srv/share01
        read only = no

-------------- next part --------------
	workgroup = SAMDOM
	realm = samdom.example.com
	security = ADS
	allow trusted domains = No
	map to guest = Bad User
	obey pam restrictions = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	wins server =,
	panic action = /usr/share/samba/panic-action %d
	idmap backend = idmap_rid:SAMDOM=1500-100000000
	idmap uid = 1500-100000000
	idmap gid = 1500-100000000
	template shell = /bin/bash
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes
	use sendfile = Yes
	write cache size = 2097152
	comment = Archiv_T
	path = /srv/share01
	read only = No
	acl group control = Yes
	vfs objects = acl_xattr
	acl_xattr:ignore system acls = yes

More information about the samba mailing list