[Samba] Flooding Samba DC with random requests

Andrew Bartlett abartlet at samba.org
Tue Apr 25 09:44:59 UTC 2017

On Tue, 2017-04-25 at 09:05 +0000, Julian Zielke via samba wrote:
> Hi,
> yesterday we experienced a heavy request flooding from multiple
> servers being a domain member against our Samba Sernet DCs.
> All those servers are domain members and allow login using PAM
> (Samba+Winbind).

Currently we only have one process handling the LDAP traffic, which
would explain why a traffic flood like this:

> Running TCPDump we had like 400 Requests per 5 seconds like this:


Still only gives busy CPU, but not I/O wait:

> Due to that flooding, even logins via ssh on our servers timed out.
> CPU Load on both DCs went up to 95% without high I/O wait.
> After restarting the sernet-samba-ad service on both DCs, the Problem
> went away.

My first guess is that the multiple connections caused timeouts on the
clients, causing the clients to reconnect and try again, magnifying the
load.  However it is really hard to tell with the limited information

I'm working to make our LDAP server multi-process, more efficient and
able to use all the available CPUs. 

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list