[Samba] win bind extremely slow after Upgrade to 4.2

Prunk Dump prunkdump at gmail.com
Wed Apr 27 11:30:16 UTC 2016


2016-04-27 9:36 GMT+02:00 Oliver Werner <oliver.werner at kontrast.de>:
> Hi,
>
> we have upgrade an Samba Member (DCs already upgraded) from Samba 4.1.17 to Samba 4.2.10.
>
> On DCs work fine after install winbind.
>
> But our member extremely slow.
>
> Connect to the Share takes 2-3 minutes and directory listing need 2-5 minutes.
>
>
> wbinfo -u takes around 20 seconds and will not return output
>
> wbinfo -g takes 3 seconds and show my groups
>
> id user.name takes 20 seconds and shows information  of the user and its groups
>
>
> smb.conf for samba member:
>
> [global]
>        netbios name = PL0024
>        security = ADS
>        workgroup = HQKONTRAST
>        realm = hq.kontrast
>
>        log file = /var/log/samba/%m.log
>        log level = 1
>
>        dedicated keytab file = /etc/krb5.keytab
>        kerberos method = secrets and keytab
>        winbind refresh tickets = yes
>
>        winbind trusted domains only = no
>        winbind use default domain = yes
>        winbind enum users  = yes
>        winbind enum groups = yes
>       winbind cache time = 60
>
>
>        # Default idmap config used for BUILTIN and local accounts/groups
>        idmap config *:backend = tdb
>        idmap config *:range = 500-1023
>
>        # idmap config for domain HQKONTRAST
>        idmap config HQKONTRAST:backend = ad
>        idmap config HQKONTRAST:schema_mode = rfc2307
>        idmap config HQKONTRAST:range = 1024-99999
>
>        # Use settings from AD for login shell and home directory
>        winbind nss info = rfc2307
>
> smb.conf DC:
>
> [global]
>         workgroup = HQKONTRAST
>         realm = HQ.KONTRAST
>         netbios name = VL0227
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         interfaces = eth0:35 eth0:38
>         bind interfaces only=yes
>         log level = 3
>
>         ldap server require strong auth = no
>
>         tls enabled  = yes
>         tls keyfile  = /var/lib/samba/private/tls/key.pem
>         tls certfile = /var/lib/samba/private/tls/cert.pem
>         tls cafile   = /var/lib/samba/private/tls/ca.pem
>
> [netlogon]
>         path = /var/lib/samba/sysvol/hq.kontrast/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
>
>
>
>
>
> OLIVER WERNER
> Systemadministrator
>
>
>
>
>
> Kontrast Communication Services GmbH
> Grafenberger Allee 100, 40237 Düsseldorf, Germany
>
> Fon  +49-211-91505-500
> Fax  +49-211-91505-530
> www.kontrast.de <http://www.kontrast.de/>
>
> Amtsgericht Düsseldorf: HRB 26934
> Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der Vlist
>
>  <https://www.facebook.com/kontrast.communication>     <https://twitter.com/KONTRAST_de>     <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>     <http://www.linkedin.com/company/kontrast-communication-services-gmbh>     <https://vimeo.com/kontrastcs>     <http://instagram.com/kontrast_de>
>
> Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
>
> Please consider the environment and only print this if required.
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hello,

I'm also affected by the same problem after an upgrade from Samba-4.1
to Samba-4.2 (Debian security update). I have found that the winbind
slowdown affect the server and the clients. To test the speed I launch
the following command :

wbinfo --user-info=myuser1 --user-info=myuser2 --user-info=myuser3
.... (+30 users)

When I have switched the server from the "winbind" service to
"winbindd", the winbind lookups are slower but not dramatically.
Before the update the command take 1 second and now 3 seconds. I can
see visually the difference.

On the clients the user/group enumeration are disabled. The command
take now 20 seconds to lookup the 30 users. Is this normal ? is This
due to the need of the AD connections to be signed on samba 4.2 ?

I don't know how I can debug there winbind lookups.

Thanks for the help !

Baptiste.



More information about the samba mailing list