[Samba] Samba4 AD/DC slow share access

Alain Deleglise alain.deleglise at alterway.fr
Tue Sep 22 07:38:03 UTC 2015 

Hi list,

I'm curently facing a huge issue with a samba4 ad dc box.

This server is running on a VM (debian wheezy) with samba package comming
from the backports repo, got 12Go RAM and 8 VCPU.
The VM is hosted on a Blade Center running VMWare ESXi 5.1

The domain was previously on samba 3, and was working like a charm.

We have followed the samba wiki on how to migrate from samba3 to samba4, it
went well exept for 300+ groups that were not imported.

The domain and shares worked well for about one week, then the access to
public and private shares became painfully slow.

Only windows xp boxes are joined to the samba4 domain and have access to
shared datas. There's about 600 users connected.

We saw that on process of smbd goes up to using 90%+ CPU steadily, and when
it happens the shares access are slow.

Network switches and routers have been checked and everything network
related seems normal.

Here is the smb.conf in use :

# Global parameters
[global]
    interfaces = 127.0.0.1/8 127.1.1.1/8 IP_ETH0
    server role = active directory domain controller
    workgroup = XXXX
    realm = XXXX.EXAMPLE.COM
    netbios name = AD.XXXX

    # DNS
    dns forwarder = IP_DNS
    allow dns updates = nonsecure

    #LOGS
    log file = /var/log/samba.log
    log level = 3

    load printers = no
    dos charset = 850
    unix charset = UTF-8

    inherit permissions = yes
    inherit acls = yes


    load printers = yes
    printing = cups
    printcap cache time = 60
    printcap name = cups
    rpc_server:spoolss = external
    rpc_daemon:spoolssd = fork


    #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
SO_SNDBUF=65536

    #passdb backend = samba4
    #security = user
    #public = yes

    hide unreadable = yes

[netlogon]
    #path = /var/lib/samba/sysvol/xxxx.example.com/scripts
    path = /var/lib/samba/netlogon
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[Profiles]

    path = /var/samba/Profiles/%U
    browsable = yes
    writable = yes
    create mask = 0600
    Directory mask = 0700

[public]

    path = /var/lib/samba/public
    public = yes
    writable = yes
    browseable = yes
    printable = no


    veto oplock files =
/*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.*-MS/*.*db/

[prive]

    path = /var/lib/samba/prive/%U
    public = yes
    writable = yes
    browseable = yes
    printable = no


    veto oplock files =
/*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.*-MS/*.*db/

[printers]
     comment = All Printers
     path = /var/spool/samba
     create mask = 0700
     guest ok = Yes
     printable = Yes
     print ok = Yes
     browseable = No

[print$]
     comment = Printer Drivers
     path = /var/lib/samba/printers
     write list = Administrator root @"domain admins"
     read only = No
     writeable = yes

Do you think that this VM is too small to hold 600+ users ?

What could cause those latencies when users try to access shares ?

Any idea would be appreciated !

Thanks


Alain Deléglise

More information about the samba mailing list