[Samba] howto optimize samba/kerberos for 20k requests per minute - help needed

L.P.H. van Belle belle at bazuin.nl
Tue Jul 20 08:11:45 UTC 2021

Well, my personal view on UCS5 is .. 

IF you setup a new environment and you use only UCS, that its a nice thing to use.
But if you know how to setup it manual, your servers perform way faster en USC there setup.

At least, UCS5 is debian10 

Now for the Topic poster. 
Im assuming it webapp that borking his performance, tuning apache/nigx will also help,
But maybe this is something to offload ldap queries. 
Switch to SSO and OIDC for authentication
! Note, i have NOT tested this. 

Also, if your brave and now married with USC, then i suggest, 
Use my script https://github.com/thctlo/Kopano  and setup local repo for kopano.
Get it, Run it and Setup manually.  It removes the need to use dpkg -i *.deb, that installs to much..
Just, keep in mind these are development packages, so if everything is running perfectly,
Dont upgrade, and if you do, do it in test environment. 

Also, if your running kopano 4.3 in samba 4, have you have had a very good look at you logs.
And how kopano (in UCS 4.3) is linked to AD, its simpley a bad setup. 

If you want to fast test, use the kopano docker packages from Zokradonh.

I hope i gave you some ideas..

I dropped UCS (again), i (again) gave it a try but, you get to much overload stuff in my opinion.
Its a nice product, just, not for me. 

And for adjustint the samba4 indexing, totaly forgot to mention that. Its something you can try. 
ldbedit -v -P -s base -b @INDEXLIST -H /var/lib/samba/private/sam.ldb 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: dinsdag 20 juli 2021 9:07
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] howto optimize samba/kerberos for 20k 
> requests per minute - help needed
> On Tue, 2021-07-20 at 08:45 +0200, L.P.H. van Belle via samba wrote:
> > Exacly what i mean. ... Kopano, i was already thinking is kopano.. 
> > But there is one big difference i think. With your setup and mine
> > 
> > I think you run Kopano from within UCS 4.3 
> > ( and i tested also USC 5.0, no kopano there, the move to licenced
> > kopano. ) 
> > I run Kopano on clean Debian 10 install.
> > 
> > And what version kopano/web app is running because
> > i dont see that here. IO looks normal. 
> > 
> I downloaded UCS5 and tried to install it in a VM. The first attempt
> failed when I tried to set up a DC, there is (apparently) no way to
> change the dns and when it did finish the set up, there was no Samba!
> Second attempt, I went for what it described as a join to Active
> Directory, I ended up with what I call a Unix domain member, but with
> what I would call a borked smb.conf, it was using the ldap backend for
> the '*' domain and the nss backend for the 'DOMAIN' domain. There were
> numerous other parameters that I wouldn't use.
> All in all, I wouldn't recomend UCS5 to my worst enemy, but this is
> just my personal opinion.
> Rowland
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list