[Samba] howto optimize samba/kerberos for 20k requests per minute - help needed

Stefan Bauer stefan.bauer at cubewerk.de
Fri Jul 16 05:57:31 UTC 2021

Dear Samba-Users,

we have to use a very bad web-application that does around 20 million LDAP/Kerberos requests against our Samba domain controller per day.

That renders the system almost unusable due to the high number of requests.

Server iowait is at 20-30%.

As the web-application does not have any caching options, I'm hoping for help on this list to "optimize" the Samba domain controller.

iotop reports:

Total DISK READ:         0.00 B/s | Total DISK WRITE:         2.67 M/s
Current DISK READ:       0.00 B/s | Current DISK WRITE:       2.80 M/s
  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
 1996 be/4 root        0.00 B/s    2.55 M/s  0.00 % 27.84 % samba: conn[kdc_tcp] c[ipv4:] s[ipv4:] server_id[1996.47]
 2560 be/4 root        0.00 B/s    0.00 B/s  0.00 %  0.00 % samba: conn[ldap] c[ipv4:] s[ipv4:] server_id[2560] is the web-application.

I record around 15K Kerberos requests / minute with tcpdump.

Any help is greatly appreciated.

samba is Version 4.10.18-Univention

configuration attached.

thank you.

Kind regards,


