[Samba] howto optimize samba/kerberos for 20k requests per minute - help needed
Rowland Penny
rpenny at samba.org
Mon Jul 19 10:07:18 UTC 2021
On Mon, 2021-07-19 at 11:50 +0200, L.P.H. van Belle via samba wrote:
> Your software vendor? What is the software you're using?
> Even if your software vendor is saying that, that still might be
> wrong.
>
> It's the same with the guys of Kopano who I had discussions with.
> These also said Samba4 and Kopano is slow and not supported.
> Well, I'm running it for years, it's fast and as long as you "manually" add
> the corrected indexing.
> All fine.
>
> Plain ldap is already in AD...
> AD can do the same as plain ldap.
>
> So,
>
> Verify which records are indexed.
> ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b @INDEXLIST
>
> Then first find the base DN for your setup:
> ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b "" defaultNamingContext
>
> Then edit the schema, using ldbedit and set searchFlags attribute to
> 1 on the attribute entry you want to index:
> ( examples, adjust with your values )
> ldbedit -H /var/lib/samba/private/sam.ldb -b CN=SCHEMA,CN=CONFIGURATION,DC=S-AD1,DC=INTERNAL,DC=DOMAIN,DC=TLD
>
> and change : searchFlags: 0 to : searchFlags: 1
>
> When all is done,
> stop samba and start samba. ( just to make sure things are ok )
> Now run : samba-tool dbcheck --reindex << the most important one
> and.. One more.
> This might take a while, wait until it's finished.
>
> Repeat this on all AD-DCs. << the most important one !!
>
> Personally I reboot the AD-DC to be sure it's still fine after reboots
> and I check as last the index list to see it's all applied :
> ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b @INDEXLIST
>
> I suggest you try the above, your vendor is trying to get the cheap way out
> here..
>
The other point worth mentioning is that, whether OpenLDAP likes it or
not, OpenLDAP is on the way out. It is no longer available from RHEL 8
by default; you have to get it from EPEL. Red Hat seemingly wants you
to use FreeIPA.
Of course this is all just my opinion, I also think that the vendor
needs to support Samba AD (and FreeIPA) or they might just run out of
clients.
Rowland
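
The final "check the index list" step from the quoted procedure, as an added example that is not part of the original posts: a shell helper that reads the `ldbsearch ... -b @INDEXLIST` output and lists the attributes that are still unindexed on that DC. The function names, the attributes `mail` and `uid`, and the sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which attributes are NOT yet in the sam.ldb index.
# Input on stdin is the LDIF printed by `ldbsearch ... -s base -b @INDEXLIST`.

# missing_indexes ATTR...
# Prints each wanted attribute that has no "@IDXATTR:" line in the input.
# Exit status is 1 if anything is missing, 0 if every attribute is indexed.
missing_indexes() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " ") }
        # Each @IDXATTR line names one indexed attribute; names are
        # compared case-insensitively, as LDAP attribute names are.
        tolower($1) == "@idxattr:" { indexed[tolower($2)] = 1 }
        END {
            rc = 0
            for (i = 1; i <= n; i++)
                if (!(tolower(w[i]) in indexed)) { print w[i]; rc = 1 }
            exit rc
        }'
}

# Constructed sample of an @INDEXLIST record (not taken from a real DC).
sample_indexlist() {
    cat <<'EOF'
# record 1
dn: @INDEXLIST
@IDXATTR: cn
@IDXATTR: sAMAccountName
@IDXATTR: objectSid
@IDXONE: 1

# returned 1 records
EOF
}

# Offline demo: "mail" and "uid" are hypothetical attributes that an
# application might filter on; in the sample they are not indexed.
check_sample() {
    sample_indexlist | missing_indexes sAMAccountName mail uid
}

# On each DC, feed the real record instead of the sample:
#   ldbsearch -H /var/lib/samba/private/sam.ldb -s base -b @INDEXLIST \
#       | missing_indexes mail uid
check_sample || true
```

Run it on every DC after the reindex; any attribute it prints did not make it into that DC's index.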