[Samba] Samba 4.3.x high CPU load
Chris Alavoine
chrisa at acs-info.co.uk
Wed Jan 6 09:08:31 UTC 2016
Hi there,
I have a multi DC global setup. 9 x Ubuntu 14.04.3 DC's in multiple Sites.
This has been working nicely for some time however recently the FSMO holder
has been refusing LDAP requests on occasions and showing constant very high
CPU usage:
top - 08:59:12 up 8:51, 1 user, load average: 1.03, 1.00, 1.03
Tasks: 186 total, 4 running, 182 sleeping, 0 stopped, 0 zombie
%Cpu0 : 2.6 us, 2.6 sy, 0.0 ni, 94.9 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu1 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu2 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu3 : 97.4 us, 2.6 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu4 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu5 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu6 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
%Cpu7 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si,
0.0 st
KiB Mem: 4078212 total, 2193268 used, 1884944 free, 354864 buffers
KiB Swap: 1949692 total, 0 used, 1949692 free. 1010792 cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
25571 root 20 0 839960 288416 30328 R 99.5 7.1 56:04.45 samba
968 bind 20 0 1097008 89808 8168 S 2.6 2.2 6:57.09 named
I am also seeing this if I do "samba-tool fsmo show":
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 395, in run
domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
master_owner = res[0]["fSMORoleOwner"][0]
If I stop/start samba the high load switches to the other DC in this Site
and the same behaviour is exhibited.
Has anyone else experience anything like this? Could it be linked to the
recent patch for CVE-2015-5330 (Remote memory read in Samba LDAP server)?
I've tried patching my main FSMO roles DC and it's Site counterpart. My
other DC's are still on 4.3.1, but I am planning to upgrade them today. The
high load still persists on the 4.3.3 upgraded DC's, so I'm guessing this
is something else.
We use NSLCD bindpw to authenticate the majority of our member servers.
This has worked very well for a few years now but could there be a problem
there maybe? This is our nslcd conf:
uid nslcd
gid nslcd
uri ldap://192.168.x.x ldap://192.168.x.x
base dc=EXAMPLE,dc=internal,dc=com
binddn CN=ldap-connect,CN=Users,DC=example,DC=internal,DC=com
bindpw xxxxxxxxxxxxxx
pagesize 1000
referrals off
filter passwd (objectClass=user)
filter group (objectClass=group)
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
Any pointers much appreciated.
Thanks,
Chris.
--
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
More information about the samba
mailing list