[Samba] Samba4 AD/DC slow share access

Tue Sep 22 08:57:45 UTC 2015

Hi,

As you are using VMs you could deploy a new one easily. Why not to try to
build a file server to move your shares from your DC to that file server?
This way you will separate AD and file sharing and be able to see more
easily from which part the problem comes.

Cheers,

mathias

2015-09-22 9:38 GMT+02:00 Alain Deleglise <alain.deleglise at alterway.fr>:

> Hi list,
>
> I'm curently facing a huge issue with a samba4 ad dc box.
>
> This server is running on a VM (debian wheezy) with samba package comming
> from the backports repo, got 12Go RAM and 8 VCPU.
> The VM is hosted on a Blade Center running VMWare ESXi 5.1
>
> The domain was previously on samba 3, and was working like a charm.
>
> We have followed the samba wiki on how to migrate from samba3 to samba4, it
> went well exept for 300+ groups that were not imported.
>
> The domain and shares worked well for about one week, then the access to
> public and private shares became painfully slow.
>
> Only windows xp boxes are joined to the samba4 domain and have access to
> shared datas. There's about 600 users connected.
>
> We saw that on process of smbd goes up to using 90%+ CPU steadily, and when
> it happens the shares access are slow.
>
> Network switches and routers have been checked and everything network
> related seems normal.
>
> Here is the smb.conf in use :
>
> # Global parameters
> [global]
>     interfaces = 127.0.0.1/8 127.1.1.1/8 IP_ETH0
>     server role = active directory domain controller
>     workgroup = XXXX
>     realm = XXXX.EXAMPLE.COM
>     netbios name = AD.XXXX
>
>     # DNS
>     dns forwarder = IP_DNS
>     allow dns updates = nonsecure
>
>     #LOGS
>     log file = /var/log/samba.log
>     log level = 3
>
>     load printers = no
>     dos charset = 850
>     unix charset = UTF-8
>
>     inherit permissions = yes
>     inherit acls = yes
>
>
>     load printers = yes
>     printing = cups
>     printcap cache time = 60
>     printcap name = cups
>     rpc_server:spoolss = external
>     rpc_daemon:spoolssd = fork
>
>
>     #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> SO_SNDBUF=65536
>
>     #passdb backend = samba4
>     #security = user
>     #public = yes
>
>     hide unreadable = yes
>
> [netlogon]
>     #path = /var/lib/samba/sysvol/xxxx.example.com/scripts
>     path = /var/lib/samba/netlogon
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> [Profiles]
>
>     path = /var/samba/Profiles/%U
>     browsable = yes
>     writable = yes
>     create mask = 0600
>     Directory mask = 0700
>
> [public]
>
>     path = /var/lib/samba/public
>     public = yes
>     writable = yes
>     browseable = yes
>     printable = no
>
>
>     veto oplock files =
>
> /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.*-MS/*.*db/
>
> [prive]
>
>     path = /var/lib/samba/prive/%U
>     public = yes
>     writable = yes
>     browseable = yes
>     printable = no
>
>
>     veto oplock files =
>
> /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.*-MS/*.*db/
>
> [printers]
>      comment = All Printers
>      path = /var/spool/samba
>      create mask = 0700
>      guest ok = Yes
>      printable = Yes
>      print ok = Yes
>      browseable = No
>
> [print$]
>      comment = Printer Drivers
>      path = /var/lib/samba/printers
>      write list = Administrator root @"domain admins"
>      read only = No
>      writeable = yes
>
> Do you think that this VM is too small to hold 600+ users ?
>
> What could cause those latencies when users try to access shares ?
>
> Any idea would be appreciated !
>
> Thanks
>
>
> Alain Deléglise
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>