[Samba] Samba-LDAP with 100%CPU with connections in CLOSE_WAIT

Steffen fenlo at gfz-potsdam.de
Tue Sep 20 14:32:17 UTC 2022

> Finally, if you set 'log level = 5' you can see what time each request
> takes, and what it is.  Setting the query timeout just as per Windows
> AD will also work (roughly) and provide notice (level 3 at 1/4 the
> timeout) and warnings at log level 1 after the timeout.  
> See https://bugzilla.samba.org/show_bug.cgi?id=14694 and 
> https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch04s24.html for a
> description of the limits. 
> Andrew Bartlett

Hm, we were trying for a long time to get some log entries which show us the requested LDAP-Queries  but with no luck. 

Which/Where should we adapt the "log level = 5", just in the global section?

currently we have set:
	log level = 5 auth:5 auth_audit:10@/var/log/samba/auth_audit.log

	ldap debug level = 5 
	ldap debug threshold = 1

We only have seen ldap-queries for long or outtimed requests. We don't see "normal" ldap-queries. We tried with ldapsearch from CLI.

More information about the samba mailing list