[Samba] Samba4 AD/DC slow share access

Alain Deleglise alain.deleglise at alterway.fr
Tue Sep 22 09:28:51 UTC 2015 

Hi mathias,

unfortunately, this operation will require too much time for now.

I will keep this idea in mind, but i think that it could work flawlessly in
this configuration. Don't you think ?


DELEGLISE Alain
Administrateur Systèmes

ALTER WAY Nord
EuraTechnologies
165 avenue de Bretagne
59000 LILLE

tél +33 1 41 16 83 42
<https://continuity.alterway.fr/>

<http://www.alterway.fr/signatures/url/1>
Membre du Pôle Nord, Pôle de l'Open-source et des Logiciels libres des
Entreprises du Nord - Pas de Calais : http://www.polenord.info/
------------------------------
[image: --]*Afin de contribuer au respect de l'environnement, merci de
n'imprimer ce mail qu'en cas de nécessité*

2015-09-22 10:57 GMT+02:00 mathias dufresne <infractory at gmail.com>:

> Hi,
>
> As you are using VMs you could deploy a new one easily. Why not to try to
> build a file server to move your shares from your DC to that file server?
> This way you will separate AD and file sharing and be able to see more
> easily from which part the problem comes.
>
> Cheers,
>
> mathias
>
> 2015-09-22 9:38 GMT+02:00 Alain Deleglise <alain.deleglise at alterway.fr>:
>
> > Hi list,
> >
> > I'm curently facing a huge issue with a samba4 ad dc box.
> >
> > This server is running on a VM (debian wheezy) with samba package comming
> > from the backports repo, got 12Go RAM and 8 VCPU.
> > The VM is hosted on a Blade Center running VMWare ESXi 5.1
> >
> > The domain was previously on samba 3, and was working like a charm.
> >
> > We have followed the samba wiki on how to migrate from samba3 to samba4,
> it
> > went well exept for 300+ groups that were not imported.
> >
> > The domain and shares worked well for about one week, then the access to
> > public and private shares became painfully slow.
> >
> > Only windows xp boxes are joined to the samba4 domain and have access to
> > shared datas. There's about 600 users connected.
> >
> > We saw that on process of smbd goes up to using 90%+ CPU steadily, and
> when
> > it happens the shares access are slow.
> >
> > Network switches and routers have been checked and everything network
> > related seems normal.
> >
> > Here is the smb.conf in use :
> >
> > # Global parameters
> > [global]
> >     interfaces = 127.0.0.1/8 127.1.1.1/8 IP_ETH0
> >     server role = active directory domain controller
> >     workgroup = XXXX
> >     realm = XXXX.EXAMPLE.COM
> >     netbios name = AD.XXXX
> >
> >     # DNS
> >     dns forwarder = IP_DNS
> >     allow dns updates = nonsecure
> >
> >     #LOGS
> >     log file = /var/log/samba.log
> >     log level = 3
> >
> >     load printers = no
> >     dos charset = 850
> >     unix charset = UTF-8
> >
> >     inherit permissions = yes
> >     inherit acls = yes
> >
> >
> >     load printers = yes
> >     printing = cups
> >     printcap cache time = 60
> >     printcap name = cups
> >     rpc_server:spoolss = external
> >     rpc_daemon:spoolssd = fork
> >
> >
> >     #socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> > SO_SNDBUF=65536
> >
> >     #passdb backend = samba4
> >     #security = user
> >     #public = yes
> >
> >     hide unreadable = yes
> >
> > [netlogon]
> >     #path = /var/lib/samba/sysvol/xxxx.example.com/scripts
> >     path = /var/lib/samba/netlogon
> >     read only = No
> >
> > [sysvol]
> >     path = /var/lib/samba/sysvol
> >     read only = No
> >
> > [Profiles]
> >
> >     path = /var/samba/Profiles/%U
> >     browsable = yes
> >     writable = yes
> >     create mask = 0600
> >     Directory mask = 0700
> >
> > [public]
> >
> >     path = /var/lib/samba/public
> >     public = yes
> >     writable = yes
> >     browseable = yes
> >     printable = no
> >
> >
> >     veto oplock files =
> >
> >
> /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.*-MS/*.*db/
> >
> > [prive]
> >
> >     path = /var/lib/samba/prive/%U
> >     public = yes
> >     writable = yes
> >     browseable = yes
> >     printable = no
> >
> >
> >     veto oplock files =
> >
> >
> /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*.*-MS/*.*db/
> >
> > [printers]
> >      comment = All Printers
> >      path = /var/spool/samba
> >      create mask = 0700
> >      guest ok = Yes
> >      printable = Yes
> >      print ok = Yes
> >      browseable = No
> >
> > [print$]
> >      comment = Printer Drivers
> >      path = /var/lib/samba/printers
> >      write list = Administrator root @"domain admins"
> >      read only = No
> >      writeable = yes
> >
> > Do you think that this VM is too small to hold 600+ users ?
> >
> > What could cause those latencies when users try to access shares ?
> >
> > Any idea would be appreciated !
> >
> > Thanks
> >
> >
> > Alain Deléglise
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list