[Samba] Samba-LDAP with 100%CPU with connections in CLOSE_WAIT
Andrew Bartlett
abartlet at samba.org
Tue Sep 20 20:51:06 UTC 2022
On Tue, 2022-09-20 at 16:32 +0200, Steffen via samba wrote:
> ...
> > Finally, if you set 'log level = 5' you can see what time each
> > request
> > takes, and what it is. Setting the query timeout just as per
> > Windows
> > AD will also work (roughly) and provide notice (level 3 at 1/4 the
> > timeout) and warnings at log level 1 after the timeout.
> >
> > See
> > https://bugzilla.samba.org/show_bug.cgi?id=14694
> > and
> > https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch04s24.html
> > for a
> > description of the limits.
> >
> > Andrew Bartlett
>
> Hm, we were trying for a long time to get some log entries which show
> us the requested LDAP-Queries but with no luck.
>
> Which/Where should we adapt the "log level = 5", just in the global
> section?
>
>
> currently we have set:
> [global]
> ...
> log level = 5 auth:5
> auth_audit:10@/var/log/samba/auth_audit.log
>
> ldap debug level = 5
> ldap debug threshold = 1
>
>
> We only have seen ldap-queries for long or outtimed requests. We
> don't see "normal" ldap-queries. We tried with ldapsearch from CLI.
>
The 'ldap debug' options are for another part of the code, but the log
level = 5 should trigger the query log, by my reading of the code.
I'm not sure why you are not seeing that, but there have been bugs
regarding our log handling, but
https://bugzilla.samba.org/show_bug.cgi?id=14897 was fixed in 4.15.3.
Sorry,
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the samba
mailing list