[Samba] Samba 4.3.x high CPU load

Chris Alavoine chrisa at acs-info.co.uk
Wed Jan 6 09:08:31 UTC 2016


Hi there,

I have a multi DC global setup. 9 x Ubuntu 14.04.3 DC's in multiple Sites.

This has been working nicely for some time however recently the FSMO holder
has been refusing LDAP requests on occasions and showing constant very high
CPU usage:

top - 08:59:12 up  8:51,  1 user,  load average: 1.03, 1.00, 1.03
Tasks: 186 total,   4 running, 182 sleeping,   0 stopped,   0 zombie
%Cpu0  :  2.6 us,  2.6 sy,  0.0 ni, 94.9 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu1  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu2  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu3  : 97.4 us,  2.6 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu4  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu5  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu6  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
%Cpu7  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,
 0.0 st
KiB Mem:   4078212 total,  2193268 used,  1884944 free,   354864 buffers
KiB Swap:  1949692 total,        0 used,  1949692 free.  1010792 cached Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
25571 root      20   0  839960 288416  30328 R  99.5  7.1  56:04.45 samba
  968 bind      20   0 1097008  89808   8168 S   2.6  2.2   6:57.09 named


I am also seeing this if I do "samba-tool fsmo show":

ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 395, in run
    domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 42, in get_fsmo_roleowner
    master_owner = res[0]["fSMORoleOwner"][0]

If I stop/start samba the high load switches to the other DC in this Site
and the same behaviour is exhibited.

Has anyone else experience anything like this? Could it be linked to the
recent patch for CVE-2015-5330 (Remote memory read in Samba LDAP server)?
I've tried patching my main FSMO roles DC and it's Site counterpart. My
other DC's are still on 4.3.1, but I am planning to upgrade them today. The
high load still persists on the 4.3.3 upgraded DC's, so I'm guessing this
is something else.

We use NSLCD bindpw to authenticate the majority of our member servers.
This has worked very well for a few years now but could there be a problem
there maybe? This is our nslcd conf:

uid nslcd
gid nslcd
uri ldap://192.168.x.x ldap://192.168.x.x
base dc=EXAMPLE,dc=internal,dc=com
binddn CN=ldap-connect,CN=Users,DC=example,DC=internal,DC=com
bindpw xxxxxxxxxxxxxx
pagesize 1000
referrals off
filter  passwd  (objectClass=user)
filter  group   (objectClass=group)
map     passwd   uid                sAMAccountName
map     passwd  homeDirectory      unixHomeDirectory


Any pointers much appreciated.

Thanks,
Chris.

-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192


More information about the samba mailing list