[Samba] System load problem with samba 4.4.2 caused by many ntlm auth client requests

Rainer Krienke krienke at uni-koblenz.de
Wed Oct 4 06:12:12 UTC 2017

On 02.10.2017 at 16:41, Rowland Penny via samba wrote:
> On Mon, 2 Oct 2017 14:51:54 +0200
> Rainer Krienke via samba <samba at lists.samba.org> wrote:
>> Hello,
>> ....
>>  [2017/10/02 11:07:47.046715,  2]
>> ../source3/auth/auth.c:315(auth_check_ntlm_password)
>> check_ntlm_password:  Authentication for user [HOSTNAME$] ->
> It looks fairly obvious to me, the Samba machine doesn't know the user
> trying to connect.


Thanks for your answer. I doubt that this is a user authentication. On
the system with the "ntlm every second auth" problem I saw the logged in
user had his shares connected in smbstatus, and no user would be able to
try to connect each second as the ntlm log messages indicate.

Moreover if this was a problem of a user trying to connect to a share,
then I would expect to hear complaints from exactly those users where
the connections obviously fail with the message from above. But there
are no complaints. And as far as I understand windows and samba ADS
security, authentication is done by the domain controller (which is not
our smb server) via kerberos and not via ntlm.

The guess of our windows admin is that the clients with this behaviour
talk to the samba server like they should do to the domain controller
for domain-client management. But on the domain controller there are no
error messages or hints to what this is all about.

> Is there any reason for using the idmap_nss backend ?
> With this, you need users on the Samba machine with the same name as
> the Domain users i.e. for DOMAIN\jsmith there must be a Unix user
> called jsmith.

Yes this is true. We have many people at our sites working with windows
and also people working with linux. Sometimes people are even using both
systems. So all user-ids always exist on unix and windows, so that it
does not matter on which system a file has been created/edited, it will
be available on all systems with proper ownership and permissions.

> Has anything changed on the windows machines ? any updates etc.

Regular MS patches are always installed on the windows clients. So it
might be such a patch that causes trouble, but after all you can't run
windows without them....

Any alternative theory is welcome.....

Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
Web: http://userpages.uni-koblenz.de/~krienke
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html
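
One way to see which accounts are behind the once-per-second `check_ntlm_password` entries discussed above, as an added example that is not part of the original message or of Samba: it parses smbd log text in the format quoted in the thread and reports accounts whose entries repeat at a short median interval. The function names, thresholds and the `WS01$`/`jsmith` sample entries are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Header and message as quoted in the thread; whitespace between the parts
# is matched loosely because mail clients re-wrap the log lines.
AUTH_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*\d+\]\s+"
    r"\S+\(auth_check_ntlm_password\)\s+"
    r"check_ntlm_password:\s+Authentication for user \[([^\]]+)\]"
)

def parse_auth_events(log_text):
    """Return (timestamp, account) for every check_ntlm_password entry."""
    return [(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S.%f"), account)
            for ts, account in AUTH_RE.findall(log_text)]

def repeating_accounts(events, min_events=5, max_median_gap=2.0):
    """Accounts with at least min_events entries whose median spacing is
    at most max_median_gap seconds. Names ending in '$' are machine accounts."""
    by_account = defaultdict(list)
    for ts, account in events:
        by_account[account].append(ts)
    report = {}
    for account, stamps in by_account.items():
        if len(stamps) < max(min_events, 2):
            continue  # too few entries to measure a repeat interval
        stamps.sort()
        gap = median((b - a).total_seconds() for a, b in zip(stamps, stamps[1:]))
        if gap <= max_median_gap:
            report[account] = {"events": len(stamps), "median_gap_s": gap,
                               "machine_account": account.endswith("$")}
    return report

def _entry(ts, account):
    """Build one constructed log entry (only the fields visible in the thread)."""
    return (f"[{ts},  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)\n"
            f"  check_ntlm_password:  Authentication for user [{account}] ->\n")

# Constructed sample: WS01$ once per second, jsmith twice, minutes apart.
SAMPLE_LOG = "".join(
    [_entry(f"2017/10/02 11:07:4{i}.046715", "WS01$") for i in range(6)]
    + [_entry("2017/10/02 11:02:10.000001", "jsmith"),
       _entry("2017/10/02 11:09:30.000002", "jsmith")])

if __name__ == "__main__":
    for account, stats in repeating_accounts(parse_auth_events(SAMPLE_LOG)).items():
        print(account, stats)
```

Run against a real `log.smbd`, the per-account counts and the machine-account flag show whether the entries come from workstation accounts or from interactive users.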
