On Thu, 2005-10-27 at 03:12 -0300, Martin Scandroli wrote: > Experts, > The implementation of this feature produced some other problems (we've > found workarrounds but i'll comment them just to provide some feedback). > > 1) The samba server used to die seconds after it was started. > Something about the nobody user and it's primary group prevented it from > working in a proper manner. We solved this inconvinient by adding de > user > nobody and it's corresponding primary group to the backend.
Yep, this is a known requirement for that feature. I'm not sure it should die, but it can't work without all the accounts it will deal with in LDAP. (Otherwise we have to use the slower method, which is why you turned this on in the first place). > 2) Root user was no longer recognized, (we still trying to figure out > why, the user's been added to the tree, but nothing changed) so we used > the > new role based administration provided by samba 3 as a workarround > (SeMachinAccount...), and no more troubles about it. Yep. > > > 3)THIS ISSUE IS KILLING US!!!!!!! > > Something happens in a determined moment of the day (rush hour). > Everything is running smoothly (0.3 - 0.4 of load average) when the load > start to grow indefinitely!!!!!!. It raises from 0.3 to 50 in a matter > of > seconds!, and it keeps growing till the server dies. We couldn't find > the > reason of this, but it happens in a two hors interval. Before and after > this > interval, there are no errors of any kind. > > I'll paste some log errors (just the ones i saw). I don't think > they're the cause of our problems, buy you're the experts. > > Any clue? do you need me to gather some kind of information? any DoS > bug reported for this samba version? My guess is this: Your LDAP server is getting backed up because of a bug, perhaps invoving a lock in the database. Then Samba processes start backing up, trying to access LDAP, which is wedged. They keep hammering at the ldap server in the backoff pattern, then fail (causing the client to try again). Because the questions are not being answered, the load goes though the roof, and this causes the LDAP sever more pain. One option is to separate your LDAP server from your samba server, and have more than one LDAP server available per Samba server. This allows Samba to use the other server, with the local one recovers (assuming some short-term lock). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba