[Samba] howto optimize samba/kerberos for 20k requests per minute - help needed
Stefan Kania
stefan at kania-online.de
Mon Jul 19 09:52:01 UTC 2021
20k per minute shoudn't be a problem for openLDAP, even 20k per second
is not problem ;-). I think the amount of request is the reason why they
don't support Samba or AD.
Am 19.07.21 um 11:13 schrieb Stefan Bauer via samba:
> Hi and thank you for your time.
>
> We got now the confirmation that samba 4 is not supported by our
> software-vendor.
>
> Hence we will move for now to a plain ldap server.
>
> thank you.
>
>
> stefan
>
> On 16.07.21 15:34, L.P.H. van Belle via samba wrote:
>> Verify if you are using Credential cache for kerberos also.
>>
>> Did you give "Domain Admins" and/or Administrator an UID/GID?
>> Because : already set via primaryGroupID 512')
>> And i know we start with ID's "normaly" above 10000.
>>
>> For the error below. Try : samba-tool dbcheck --cross-ncs --fix
>> I compaired the "bad and "good" link..
>> Both are exacly the same.
>>
>> And if you can, upgrade to at least 4.13 of 4.14
>> And remove the GID from Domain Admins.
>>
>> Reboot the server, check the other dc's after its up again.
>> Test.
>>
>> Report back.
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>> Stefan Bauer via samba
>>> Verzonden: vrijdag 16 juli 2021 13:18
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] howto optimize samba/kerberos for 20k
>>> requests per minute - help needed
>>>
>>> Hi,
>>>
>>> ???
>>>
>>> thanks a lot for all that input.
>>>
>>>
>>> Almost all requests are kerberos traffic (88). I don't think
>>> that a ldap
>>> proxy can help here.
>>>
>>>
>>> Index seems to be active for all the mandatory fields (attached below)
>>>
>>>
>>>
>>> dbcheck only reports a few duplidates, but could not fix it:
>>>
>>>
>>> # samba-tool dbcheck --fix
>>> Checking 4351 objects
>>> Not checking for missing forward links because the db has the
>>> sortedLinks feature
>>> ERROR: Duplicate forward link values for attribute 'member' in
>>> 'CN=domänen-admins,CN=Users,DC=procorp,DC=local'
>>> Duplicate link
>>> '<GUID=eb4fcbe3-c57d-4747-87e4-13f00bd672b9>;<RMD_ADDTIME=1308
>>> 98974210000000>;<RMD_CHANGETIME=132697748320000000>;<RMD_FLAGS
>>> =1>;<RMD_INVOCID=d2d4c906-b197-4b44-983f-7bf6143b9d91>;<RMD_LO
>>> CAL_USN=20104>;<RMD_ORIGINATING_USN=20104>;<RMD_VERSION=2>;<SI
>>> D=S-1-5-21-588273740-1646099605-1082013118-6194>;CN=Administra
>>> tor_MS,OU=Benutzer,OU=Sys-Admin,OU=procorp,DC=procorp,DC=local'
>>> Correct link
>>> '<GUID=eb4fcbe3-c57d-4747-87e4-13f00bd672b9>;<RMD_ADDTIME=1308
>>> 98974210000000>;<RMD_CHANGETIME=132697952890000000>;<RMD_FLAGS
>>> =1>;<RMD_INVOCID=d2d4c906-b197-4b44-983f-7bf6143b9d91>;<RMD_LO
>>> CAL_USN=22248>;<RMD_ORIGINATING_USN=22248>;<RMD_VERSION=4>;<SI
>>> D=S-1-5-21-588273740-1646099605-1082013118-6194>;CN=Administra
>>> tor_MS,OU=Benutzer,OU=Sys-Admin,OU=procorp,DC=procorp,DC=local'
>>> Duplicate link
>>> '<GUID=f78c768b-20b8-4df5-bd09-08d0bfe46565>;<RMD_ADDTIME=1298
>>> 87105960000000>;<RMD_CHANGETIME=132697748320000000>;<RMD_FLAGS
>>> =1>;<RMD_INVOCID=d2d4c906-b197-4b44-983f-7bf6143b9d91>;<RMD_LO
>>> CAL_USN=20104>;<RMD_ORIGINATING_USN=20104>;<RMD_VERSION=2>;<SI
>>> D=S-1-5-21-588273740-1646099605-1082013118-6084>;CN=sql-admin,
>>> OU=Gruppen_virtuelle_Benutzer,OU=Sys-Admin,OU=procorp,DC=proco
>>> rp,DC=local'
>>> Correct link
>>> '<GUID=f78c768b-20b8-4df5-bd09-08d0bfe46565>;<RMD_ADDTIME=1298
>>> 87105960000000>;<RMD_CHANGETIME=132697748320000000>;<RMD_FLAGS
>>> =1>;<RMD_INVOCID=d2d4c906-b197-4b44-983f-7bf6143b9d91>;<RMD_LO
>>> CAL_USN=20104>;<RMD_ORIGINATING_USN=20104>;<RMD_VERSION=2>;<SI
>>> D=S-1-5-21-588273740-1646099605-1082013118-6084>;CN=sql-admin,
>>> OU=Gruppen_virtuelle_Benutzer,OU=Sys-Admin,OU=procorp,DC=proco
>>> rp,DC=local'
>>> RECHECK: 'Missing/Duplicate/Correct link' lines above for attribute
>>> 'member' in 'CN=domänen-admins,CN=Users,DC=procorp,DC=local'
>>> Commit fixes for (missing/duplicate) forward links in
>>> attribute 'member'
>>> [y/N/all/none] all
>>> Failed to fix duplicate links in attribute 'member' : (68, 'samldb:
>>> member
>>> CN=Administrator,OU=Benutzer,OU=Sys-Admin,OU=procorp,DC=procor
>>> p,DC=local
>>> already set via primaryGroupID 512')
>>> Checked 4351 objects (2 errors)
>>>
>>>
>>>
>>> # samba-tool dbcheck --reindex
>>> Re-indexing...
>>> ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
>>> CN=ADM-TKSERVER,OU=Server,OU=Sys-Admin,OU=PROCORP,DC=PROCORP,DC=local
>>> for index on servicePrincipalName, duplicate of objectGUID
>>> 0ff73729-efe9-43f6-a34e-b4f43436d0c2 in @INDEX:SERVICEPRINCIPALNAME
>>> <INDEX:SERVICEPRINCIPALNAME>:WSMAN/ADM-TKSERVER
>>> ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
>>> CN=ADM-HYPER-V1,OU=Server,OU=Sys-Admin,OU=PROCORP,DC=PROCORP,DC=local
>>> for index on servicePrincipalName, duplicate of objectGUID
>>> e4b73032-97ab-4cd1-8189-9b0f29c8b87a in @INDEX:SERVICEPRINCIPALNAME
>>> <INDEX:SERVICEPRINCIPALNAME>:WSMAN/ADM-HYPER-V1
>>> completed re-index OK
>>>
>>>
>>>
>>> Thanks. Stefan
>>>
>>>
>>> --------------------------------------------------------------------
>>>
>>>
>>>
>>>
>>> # ldbsearch -H "$(samba -b|grep PRIVATE_DIR |awk '{ print $NF
>>> }')/sam.ldb" -s base -b @INDEXLIST
>>> # record 1
>>> dn: @INDEXLIST
>>> @IDX_DN_GUID: GUID
>>> @IDXGUID: objectGUID
>>> @IDXONE: 1
>>> @SAMBA_FEATURES_SUPPORTED: 1
>>> @SAMDB_INDEXING_VERSION: 2
>>> @IDXATTR: msDS-DeviceID
>>> @IDXATTR: msDS-DevicePhysicalIDs
>>> @IDXATTR: msDS-DeviceOSType
>>> @IDXATTR: msDS-SyncServerUrl
>>> @IDXATTR: msDS-CloudIsManaged
>>> @IDXATTR: msDS-IsManaged
>>> @IDXATTR: msDS-DeviceObjectVersion
>>> @IDXATTR: msDS-ApproximateLastLogonTimeStamp
>>> @IDXATTR: msDS-RegisteredUsers
>>> @IDXATTR: msDS-RegisteredOwner
>>> @IDXATTR: msDS-cloudExtensionAttribute20
>>> @IDXATTR: msDS-cloudExtensionAttribute19
>>> @IDXATTR: msDS-cloudExtensionAttribute18
>>> @IDXATTR: msDS-cloudExtensionAttribute17
>>> @IDXATTR: msDS-cloudExtensionAttribute16
>>> @IDXATTR: msDS-cloudExtensionAttribute15
>>> @IDXATTR: msDS-cloudExtensionAttribute14
>>> @IDXATTR: msDS-cloudExtensionAttribute13
>>> @IDXATTR: msDS-cloudExtensionAttribute12
>>> @IDXATTR: msDS-cloudExtensionAttribute11
>>> @IDXATTR: msDS-cloudExtensionAttribute10
>>> @IDXATTR: msDS-cloudExtensionAttribute9
>>> @IDXATTR: msDS-cloudExtensionAttribute8
>>> @IDXATTR: msDS-cloudExtensionAttribute7
>>> @IDXATTR: msDS-cloudExtensionAttribute6
>>> @IDXATTR: msDS-cloudExtensionAttribute5
>>> @IDXATTR: msDS-cloudExtensionAttribute4
>>> @IDXATTR: msDS-cloudExtensionAttribute3
>>> @IDXATTR: msDS-cloudExtensionAttribute2
>>> @IDXATTR: msDS-cloudExtensionAttribute1
>>> @IDXATTR: netbootDUID
>>> @IDXATTR: msDS-GeoCoordinatesLongitude
>>> @IDXATTR: msDS-GeoCoordinatesLatitude
>>> @IDXATTR: msDS-GeoCoordinatesAltitude
>>> @IDXATTR: msDS-PrimaryComputer
>>> @IDXATTR: msTPM-SrkPubThumbprint
>>> @IDXATTR: msSPP-KMSIds
>>> @IDXATTR: msExchMailboxAuditEnable
>>> @IDXATTR: msExchBypassAudit
>>> @IDXATTR: msExchExtensionCustomAttribute5
>>> @IDXATTR: msExchExtensionCustomAttribute4
>>> @IDXATTR: msExchExtensionCustomAttribute3
>>> @IDXATTR: msExchExtensionCustomAttribute2
>>> @IDXATTR: msExchExtensionCustomAttribute1
>>> @IDXATTR: msExchExtensionAttribute45
>>> @IDXATTR: msExchExtensionAttribute44
>>> @IDXATTR: msExchExtensionAttribute43
>>> @IDXATTR: msExchExtensionAttribute42
>>> @IDXATTR: msExchExtensionAttribute41
>>> @IDXATTR: msExchExtensionAttribute40
>>> @IDXATTR: msExchExtensionAttribute39
>>> @IDXATTR: msExchExtensionAttribute38
>>> @IDXATTR: msExchExtensionAttribute37
>>> @IDXATTR: msExchExtensionAttribute36
>>> @IDXATTR: msExchExtensionAttribute35
>>> @IDXATTR: msExchExtensionAttribute34
>>> @IDXATTR: msExchExtensionAttribute33
>>> @IDXATTR: msExchExtensionAttribute32
>>> @IDXATTR: msExchExtensionAttribute31
>>> @IDXATTR: msExchExtensionAttribute30
>>> @IDXATTR: msExchExtensionAttribute29
>>> @IDXATTR: msExchExtensionAttribute28
>>> @IDXATTR: msExchExtensionAttribute27
>>> @IDXATTR: msExchExtensionAttribute26
>>> @IDXATTR: msExchExtensionAttribute25
>>> @IDXATTR: msExchExtensionAttribute24
>>> @IDXATTR: msExchExtensionAttribute23
>>> @IDXATTR: msExchExtensionAttribute22
>>> @IDXATTR: msExchExtensionAttribute21
>>> @IDXATTR: msExchExtensionAttribute20
>>> @IDXATTR: msExchExtensionAttribute19
>>> @IDXATTR: msExchExtensionAttribute18
>>> @IDXATTR: msExchExtensionAttribute17
>>> @IDXATTR: msExchExtensionAttribute16
>>> @IDXATTR: msExchUsageLocation
>>> @IDXATTR: msExchDisabledArchiveGUID
>>> @IDXATTR: msOrg-GroupSubtypeName
>>> @IDXATTR: msOrg-OtherDisplayNames
>>> @IDXATTR: msExchCalculatedTargetAddress
>>> @IDXATTR: msExchReseller
>>> @IDXATTR: msExchExternalDirectoryOrganizationId
>>> @IDXATTR: msExchMailboxAuditLastExternalAccess
>>> @IDXATTR: msExchMailboxAuditLastDelegateAccess
>>> @IDXATTR: msExchMailboxAuditLastAdminAccess
>>> @IDXATTR: msExchSetupStatus
>>> @IDXATTR: msExchMailboxMoveTargetArchiveMDBBL
>>> @IDXATTR: msExchMailboxMoveTargetArchiveMDBLink
>>> @IDXATTR: msExchMailboxMoveSourceArchiveMDBBL
>>> @IDXATTR: msExchMailboxMoveSourceArchiveMDBLink
>>> @IDXATTR: msExchOnPremiseObjectGuid
>>> @IDXATTR: msExchMRSRequestType
>>> @IDXATTR: msExchIntendedServicePlan
>>> @IDXATTR: msExchExternalDirectoryObjectId
>>> @IDXATTR: msExchUMSourceForestPolicyNames
>>> @IDXATTR: msExchSharedConfigServicePlanTag
>>> @IDXATTR: msExchPartnerGroupID
>>> @IDXATTR: msExchUCVoiceMailSettings
>>> @IDXATTR: msExchRemoteRecipientType
>>> @IDXATTR: msExchMailboxMoveRequestGuid
>>> @IDXATTR: msExchCapabilityIdentifiers
>>> @IDXATTR: msExchArchiveStatus
>>> @IDXATTR: msExchArchiveAddress
>>> @IDXATTR: altSecurityIdentities
>>> @IDXATTR: lastLogonTimestamp
>>> @IDXATTR: msFVE-VolumeGuid
>>> @IDXATTR: msFVE-RecoveryGuid
>>> @IDXATTR: msDS-PhoneticCompanyName
>>> @IDXATTR: msDS-PhoneticDisplayName
>>> @IDXATTR: msDS-PhoneticDepartment
>>> @IDXATTR: msDS-PhoneticFirstName
>>> @IDXATTR: msDS-PhoneticLastName
>>> @IDXATTR: msDS-HABSeniorityIndex
>>> @IDXATTR: msDS-Entry-Time-To-Die
>>> @IDXATTR: trustPartner
>>> @IDXATTR: st
>>> @IDXATTR: objectClass
>>> @IDXATTR: department
>>> @IDXATTR: company
>>> @IDXATTR: msExchVoiceMailboxID
>>> @IDXATTR: msExchUserAccountControl
>>> @IDXATTR: msExchUnmergedAttsPt
>>> @IDXATTR: unmergedAtts
>>> @IDXATTR: targetAddress
>>> @IDXATTR: msExchResourceGUID
>>> @IDXATTR: msExchPreviousAccountSid
>>> @IDXATTR: msExchMasterAccountSid
>>> @IDXATTR: msExchMailboxGuid
>>> @IDXATTR: mailNickname
>>> @IDXATTR: importedFrom
>>> @IDXATTR: msExchIMVirtualServer
>>> @IDXATTR: msExchIMPhysicalURL
>>> @IDXATTR: msExchIMMetaPhysicalURL
>>> @IDXATTR: msExchIMAddress
>>> @IDXATTR: msExchFBURL
>>> @IDXATTR: extensionAttribute9
>>> @IDXATTR: extensionAttribute8
>>> @IDXATTR: extensionAttribute7
>>> @IDXATTR: extensionAttribute6
>>> @IDXATTR: extensionAttribute5
>>> @IDXATTR: extensionAttribute4
>>> @IDXATTR: extensionAttribute3
>>> @IDXATTR: extensionAttribute2
>>> @IDXATTR: extensionAttribute15
>>> @IDXATTR: extensionAttribute14
>>> @IDXATTR: extensionAttribute13
>>> @IDXATTR: extensionAttribute12
>>> @IDXATTR: extensionAttribute11
>>> @IDXATTR: extensionAttribute10
>>> @IDXATTR: extensionAttribute1
>>> @IDXATTR: expirationTime
>>> @IDXATTR: msExchADCGlobalNames
>>> @IDXATTR: msExchHomeServerName
>>> @IDXATTR: msExchObjectID
>>> @IDXATTR: msExchLicenseToken
>>> @IDXATTR: msExchMailboxMoveBatchName
>>> @IDXATTR: msExchForeignGroupSID
>>> @IDXATTR: msExchArchiveGUID
>>> @IDXATTR: msExchRoleType
>>> @IDXATTR: msExchRoleEntriesExt
>>> @IDXATTR: msExchMailboxMoveStatus
>>> @IDXATTR: msExchMailboxMoveRemoteHostName
>>> @IDXATTR: msExchUMDialPlanDialedNumbers
>>> @IDXATTR: msExchUMAddresses
>>> @IDXATTR: msExchAlternateMailboxes
>>> @IDXATTR: msExchServicePlan
>>> @IDXATTR: msExchThrottlingPolicyDN
>>> @IDXATTR: msExchThrottlingIsDefaultPolicy
>>> @IDXATTR: msExchUMCallingLineIDs
>>> @IDXATTR: msExchImmutableId
>>> @IDXATTR: msExchWindowsLiveID
>>> @IDXATTR: msExchSignupAddresses
>>> @IDXATTR: msExchEdgeSyncSourceGuid
>>> @IDXATTR: msExchDeviceID
>>> @IDXATTR: msExchArbitrationMailbox
>>> @IDXATTR: msExchRoleLink
>>> @IDXATTR: msExchScopeFlags
>>> @IDXATTR: msExchRoleFlags
>>> @IDXATTR: msExchRoleEntries
>>> @IDXATTR: msExchRoleAssignmentFlags
>>> @IDXATTR: msExchOURoot
>>> @IDXATTR: msExchRecipientTypeDetails
>>> @IDXATTR: msExchRecipientDisplayType
>>> @IDXATTR: msExchMasterAccountHistory
>>> @IDXATTR: msExchAvailabilityForeignConnectorType
>>> @IDXATTR: msExchUMIPGatewayAddress
>>> @IDXATTR: msExchUMDtmfMap
>>> @IDXATTR: msExchUMAutoAttendantDialedNumbers
>>> @IDXATTR: msExchResourceSearchProperties
>>> @IDXATTR: msPKI-Cert-Template-OID
>>> @IDXATTR: msTSExpireDate
>>> @IDXATTR: uSNCreated
>>> @IDXATTR: uSNChanged
>>> @IDXATTR: userPrincipalName
>>> @IDXATTR: userAccountControl
>>> @IDXATTR: sn
>>> @IDXATTR: sIDHistory
>>> @IDXATTR: showInAdvancedViewOnly
>>> @IDXATTR: servicePrincipalName
>>> @IDXATTR: sAMAccountType
>>> @IDXATTR: sAMAccountName
>>> @IDXATTR: name
>>> @IDXATTR: proxyAddresses
>>> @IDXATTR: primaryGroupID
>>> @IDXATTR: ou
>>> @IDXATTR: objectSid
>>> @IDXATTR: objectGUID
>>> @IDXATTR: objectCategory
>>> @IDXATTR: nETBIOSName
>>> @IDXATTR: mSMQOwnerID
>>> @IDXATTR: msDS-SecondaryKrbTgtNumber
>>> @IDXATTR: msDS-Site-Affinity
>>> @IDXATTR: mS-DS-CreatorSID
>>> @IDXATTR: msDS-Cached-Membership-Time-Stamp
>>> @IDXATTR: msDS-AdditionalSamAccountName
>>> @IDXATTR: l
>>> @IDXATTR: legacyExchangeDN
>>> @IDXATTR: lDAPDisplayName
>>> @IDXATTR: keywords
>>> @IDXATTR: invocationId
>>> @IDXATTR: groupType
>>> @IDXATTR: givenName
>>> @IDXATTR: fSMORoleOwner
>>> @IDXATTR: fromServer
>>> @IDXATTR: flatName
>>> @IDXATTR: dnsRoot
>>> @IDXATTR: displayName
>>> @IDXATTR: cn
>>> @IDXATTR: msTSLicenseVersion4
>>> @IDXATTR: msTSLicenseVersion3
>>> @IDXATTR: msTSLicenseVersion2
>>> @IDXATTR: msTSLSProperty02
>>> @IDXATTR: msTSLSProperty01
>>> @IDXATTR: msTSExpireDate4
>>> @IDXATTR: msTSExpireDate3
>>> @IDXATTR: msTSExpireDate2
>>> @IDXATTR: msTSManagingLS4
>>> @IDXATTR: msTSManagingLS3
>>> @IDXATTR: msTSManagingLS2
>>> @IDXATTR: terminalServer
>>> @IDXATTR: msTSManagingLS
>>> @IDXATTR: msTSLicenseVersion
>>> @IDXATTR: msTSProperty02
>>> @IDXATTR: msTSProperty01
>>> @IDXATTR: msDS-AzObjectGuid
>>> @IDXATTR: msDFSR-ReplicationGroupGuid
>>> @IDXATTR: msDFSR-DfsPath
>>> @IDXATTR: uidNumber
>>> @IDXATTR: gidNumber
>>> @IDXATTR: msSFU30IsValidContainer
>>> @IDXATTR: msSFU30NetgroupUserAtDomain
>>> @IDXATTR: msSFU30NetgroupHostAtDomain
>>> @IDXATTR: msSFU30MaxUidNumber
>>> @IDXATTR: msSFU30MaxGidNumber
>>> @IDXATTR: msSFU30YpServers
>>> @IDXATTR: msSFU30Domains
>>> @IDXATTR: msSFU30NisDomain
>>> @IDXATTR: msSFU30BootFile
>>> @IDXATTR: msSFU30NisMapEntry
>>> @IDXATTR: msSFU30NisMapName
>>> @IDXATTR: msSFU30MemberUid
>>> @IDXATTR: msSFU30MacAddress
>>> @IDXATTR: msSFU30IpHostNumber
>>> @IDXATTR: msSFU30OncRpcNumber
>>> @IDXATTR: msSFU30IpNetmaskNumber
>>> @IDXATTR: msSFU30IpNetworkNumber
>>> @IDXATTR: msSFU30IpProtocolNumber
>>> @IDXATTR: msSFU30GidNumber
>>> @IDXATTR: msSFU30UidNumber
>>> @IDXATTR: msSFU30Name
>>> @IDXATTR: msSFU30OrderNumber
>>> @IDXATTR: msSFU30MasterServerName
>>> @IDXATTR: textEncodedORAddress
>>> @IDXATTR: msExchHomeRoutingGroup
>>> @IDXATTR: msExchRoutingGroupMembersDN
>>> @IDXATTR: mail
>>> @IDXATTR: msExchIMServerName
>>> @IDXATTR: physicalDeliveryOfficeName
>>> @IDXATTR: volTableIdxGUID
>>> @IDXATTR: USNIntersite
>>> @IDXATTR: uNCName
>>> @IDXATTR: timeVolChange
>>> @IDXATTR: serviceClassName
>>> @IDXATTR: rpcNsTransferSyntax
>>> @IDXATTR: rpcNsObjectID
>>> @IDXATTR: rpcNsInterfaceID
>>> @IDXATTR: requiredCategories
>>> @IDXATTR: physicalLocationObject
>>> @IDXATTR: packageFlags
>>> @IDXATTR: oMTIndxGuid
>>> @IDXATTR: netbootGUID
>>> @IDXATTR: mSMQQueueType
>>> @IDXATTR: mSMQLabelEx
>>> @IDXATTR: mSMQLabel
>>> @IDXATTR: mSMQDigests
>>> @IDXATTR: mS-SQL-Alias
>>> @IDXATTR: mS-SQL-Database
>>> @IDXATTR: mS-SQL-Version
>>> @IDXATTR: mS-SQL-Name
>>> @IDXATTR: location
>>> @IDXATTR: implementedCategories
>>> @IDXATTR: groupAttributes
>>> @IDXATTR: fileExtPriority
>>> @IDXATTR: dNSTombstoned
>>> @IDXATTR: dhcpType
>>> @IDXATTR: cOMClassID
>>> @IDXATTR: birthLocation
>>> distinguishedName: @INDEXLIST
>>>
>>>
>>>
>>> On 16.07.21 11:56, L.P.H. van Belle via samba wrote:
>>>> I would start here.
>>>> https://docs.software-univention.de/performance-guide-4.1.html
>>>>
>>>> And run :
>>>> ldbsearch -H "$(samba -b|grep PRIVATE_DIR |awk '{ print $NF
>>> }')/sam.ldb" -s base -b @INDEXLIST
>>>> That shows what is index at this moment.
>>>>
>>>> You can add ldap proxy on the webserver to offload samba.
>>>> Also samba is Version 4.10.18-Univention newer version has
>>> better performace.
>>>> There is/was a change as of 4.11
>>>>
>>>> On all AD-DC's run :
>>>> samba-tool dbcheck
>>>> samba-tool dbcheck --reindex
>>>> Might help a bit also.
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>
>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html
More information about the samba
mailing list