[Samba] idmap_nss needed together with idmap_ldap?

2009-03-09 Thread Alexander 'Leo' Bergolth
Hi!

In my samba controlled domain, most users are stored in an LDAP
directory. The Unix boxes use nss_ldap but they also have a few local
users (mostly system-users) whose user-ids are not synchronized.

I've read the documentation about idmap_nss but I'm still not sure if
this is needed for my setup.
Will using idmap_nss in addition to idmap_ldap result in any benefit
(e.g. when mapping local, non-ldap unix users)?

I am thinking of a setup like:
 8< 
idmap domains = NSS TRUSTEDDOMAINS

# 
idmap config NSS:backend  = nss
idmap config NSS:readonly = yes
# 

idmap config TRUSTEDDOMAINS:default  = yes
idmap config TRUSTEDDOMAINS:backend  = ldap
idmap config TRUSTEDDOMAINS:readonly = no
idmap config TRUSTEDDOMAINS:ldap_url = ldap://127.0.0.1
idmap config TRUSTEDDOMAINS:range= 16777216-33554431

idmap alloc backend  = ldap
idmap alloc config:ldap_url  = ldap://127.0.0.1
idmap alloc config:range = 16777216-33554431
 8< 

Thanks,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] mixing idmap_ldap with smbldap-useradd

2009-03-09 Thread Alexander 'Leo' Bergolth
Hi!

Regarding userid-allocation: Can ldap idmap alloc and smbldap-useradd
from the smbldap-tools be safely used together?

The winbind idmap backend seems to use the uidNumber of
ou=idmap,dc=example,dc=com as storage for the next available user-ID.

smbldap uses sambaDomainName=EXAMPLE,dc=example,dc=com as default but
this can be configured.

Is it safe to configure ou=idmap,dc=example,dc=com in smbldap in order
to let both winbind and smbldap allocate new userids from the same pool?

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria



Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

2009-03-04 Thread Alexander 'Leo' Bergolth
On 03/04/2009 06:35 PM, Volker Lendecke wrote:
> On Wed, Mar 04, 2009 at 06:21:27PM +0100, Alexander 'Leo' Bergolth wrote:
>> The file isn't owned by the user that accesses it, so I guess the
>> CAP_LEASE capability should be necessary. But shouldn't strace show a
>> call to capset(2) between those two F_SETLEASE fcntl calls (0x400)?
> 
> There is code to acquire CAP_LEASE, but this only is enabled
> if at compile HAVE_POSIX_CAPABILITIES is found. You might
> want to look at your config.log why this is not detected.

Got it!
Fedora's RPM spec file is missing a dependency on libcap-devel:
http://kojipkgs.fedoraproject.org/packages/samba/3.2.8/0.26.fc10/data/logs/i386/build.log

The previously used package was rebuilt by myself with libcap-devel so
it did (accidentally) include capabilities support!

I've filed a bug report at Red Hat's Bugzilla since this seems to
dramatically affect performance.

Many thanks for your help!

Cheers,
--leo

P.S.: After having rebuilt the samba package with capabilities,
everything works at normal speed again!

-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria



Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

2009-03-04 Thread Alexander 'Leo' Bergolth
On 03/04/2009 04:16 PM, Volker Lendecke wrote:
> On Wed, Mar 04, 2009 at 03:58:20PM +0100, Alexander 'Leo' Bergolth wrote:
>> Here's the log for the unbuffered session:
>>   http://leo.kloburg.at/tmp/samba/log.gf2.gz
> 
> That's the key:
> 
> [2009/03/04 15:51:48,  3] smbd/oplock_linux.c:linux_set_kernel_oplock(138)
>   linux_set_kernel_oplock: Refused oplock on file Firefox/LICENSE, fd = 28, 
> file_id = fd03:157b181.  (Permission denied)
> 
> Do you have something like SELinux or so? Or do you share
> the files via NFS and some NFS client has the files open?

Hmm. Thanks for tracking this down.
Please help me understand why this fails...

Are there any corresponding recent samba or kernel changes?
It fails on Fedora 10 with kernel-PAE-2.6.27.15-170.2.24.fc10.i686 and
samba-3.2.8-0.26.fc10.i386 while it did work with kernel 2.6.22.9
samba-3.0.30.

SELinux is disabled, NFS is not in use.

# selinuxenabled && echo yes || echo no
no
# /etc/init.d/nfs status
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

According to the source (oplock_linux.c), linux_setlease() does a
F_SETLEASE fcntl call. If that fails, it calls
set_effective_capability(LEASE_CAPABILITY) and tries the same call again.

The strace output of the corresponding part is:

19115 open("Firefox/LICENSE", O_RDONLY|O_LARGEFILE) = 28
19115 fcntl64(28, F_SETSIG, 0x23)   = 0
19115 fcntl64(28, 0x400 /* F_??? */, 0x1) = -1 EACCES (Permission denied)
19115 fcntl64(28, 0x400 /* F_??? */, 0x1) = -1 EACCES (Permission denied)
19115 fcntl64(12, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET,
start=22032, len=1}, 0xbfedbce4) = 0

According to the fcntl man-page, only privileged processes or processes
with the CAP_LEASE capability may do F_SETLEASE:

 8< 
Leases may only be taken out on regular files. An unprivileged process
may only take out a lease on a file whose UID (owner) matches the file
system UID of the process. A process with the CAP_LEASE
capability may take out leases on arbitrary files.
 8< 

The file isn't owned by the user that accesses it, so I guess the
CAP_LEASE capability should be necessary. But shouldn't strace show a
call to capset(2) between those two F_SETLEASE fcntl calls (0x400)?

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
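
The check discussed in the message above, as an added example that is not part of the original thread or of Samba's source: it reads the effective capability mask from /proc/self/status, applies the fcntl(2) rule quoted above, and then tries a real read lease on the file given as the first argument. The function names, the CAP_LEASE bit number 28 (from <linux/capability.h>) and the use of geteuid() in place of the file system UID are assumptions of this example.

```c
#define _GNU_SOURCE            /* exposes F_SETLEASE in <fcntl.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef F_SETLEASE
#define F_SETLEASE 1024        /* Linux value; strace above printed it as 0x400 */
#endif
#define CAP_LEASE_BIT 28       /* CAP_LEASE in <linux/capability.h> */

/* Pull the effective capability mask out of /proc/<pid>/status text. */
int parse_capeff(const char *status, unsigned long long *mask) {
    const char *p = strstr(status, "\nCapEff:");
    char *end;
    if (!p) return -1;
    *mask = strtoull(p + 8, &end, 16);
    return end == p + 8 ? -1 : 0;
}

/* The fcntl(2) rule quoted above: owner matches fsuid, or CAP_LEASE is held. */
int lease_permitted(uid_t file_uid, uid_t fsuid, unsigned long long capeff) {
    return file_uid == fsuid || ((capeff >> CAP_LEASE_BIT) & 1ULL) != 0;
}

/* Request a read lease; returns 0 or the errno from F_SETLEASE. */
int probe_lease(const char *path) {
    int fd = open(path, O_RDONLY), rc;
    if (fd < 0) return errno;
    rc = fcntl(fd, F_SETLEASE, F_RDLCK) < 0 ? errno : 0;
    close(fd);                 /* closing the descriptor drops the lease */
    return rc;
}

int main(int argc, char **argv) {
    char buf[8192] = "";
    unsigned long long eff = 0;
    struct stat st;
    FILE *f = fopen("/proc/self/status", "r");
    if (argc < 2 || !f || stat(argv[1], &st) != 0) return 2;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    if (parse_capeff(buf, &eff) != 0) return 2;
    /* geteuid() stands in for the fsuid, which normally tracks it (assumption). */
    printf("predicted=%d F_SETLEASE errno=%d\n",
           lease_permitted(st.st_uid, geteuid(), eff), probe_lease(argv[1]));
    return 0;
}
```

Run as an unprivileged user against a file owned by someone else, it prints predicted=0 and errno 13 (EACCES), the same result as the two fcntl64 calls in the strace output.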



Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

2009-03-04 Thread Alexander 'Leo' Bergolth
On 03/04/2009 03:10 PM, Volker Lendecke wrote:
> On Wed, Mar 04, 2009 at 02:50:59PM +0100, Alexander 'Leo' Bergolth wrote:
>> My test case was just reading the firefox LICENSE file, which isn't in
>> use by any other user. I can reproduce this behavior with arbitrary
>> other files.
> 
> Ah, sorry, missed that part. Please send your smb.conf file
> and a debug level 10 log of the whole unbuffered session.

Here's the log for the unbuffered session:
  http://leo.kloburg.at/tmp/samba/log.gf2.gz

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria



Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

2009-03-04 Thread Alexander 'Leo' Bergolth
On 03/04/2009 03:10 PM, Volker Lendecke wrote:
> On Wed, Mar 04, 2009 at 02:50:59PM +0100, Alexander 'Leo' Bergolth wrote:
>> My test case was just reading the firefox LICENSE file, which isn't in
>> use by any other user. I can reproduce this behavior with arbitrary
>> other files.
> 
> Ah, sorry, missed that part. Please send your smb.conf file
> and a debug level 10 log of the whole unbuffered session.

When does the session start?
Is it sufficient to first establish the connection and then put the
corresponding smbd process in debug level 10?

The client does a domain logon so capturing the whole login process will
be quite huge...

> P.S: You don't happen to have "oplocks = no" on some share
> definition?

No.

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria



Re: [Samba] performance problem with 3.2.8: unbuffered reads for some users

2009-03-04 Thread Alexander 'Leo' Bergolth
On 03/04/2009 02:16 PM, Volker Lendecke wrote:
> On Wed, Mar 04, 2009 at 01:56:26PM +0100, Alexander 'Leo' Bergolth wrote:
>> I'm experiencing strange performance problems after upgrading to samba
>> 3.2.8 from 3.0.30.
>>
>> For all users except smbadmin (who has administrative rights), read
>> performance is _very_ bad. Looking at the read-requests using filemon
>> and wireshark, I found out that for those users, every read is handled
>> transparently (unbuffered) over the net. (I.e. a 2 byte read-request of
>> the application leads to a 2 byte Read And X Request over the net.)
>>
>> If the user is smbadmin, reads are block buffered. (A 2 byte
>> read-request of the same application as above leads to a 4096 byte Read
>> And X Request over the net.)
>>
>> Clients are WinXP SP3.
>> For details, see my test below..
> 
> Unfortunately, the log files do not show enough information
> about what is happening. Simple tshark output is not
> sufficient, see
> http://wiki.samba.org/index.php/Capture_Packets for more
> information on creating useful sniffs.

OK, here are more details:
http://leo.kloburg.at/tmp/samba/abergolth-unbuffered.pcap
http://leo.kloburg.at/tmp/samba/smbadmin-buffered.pcap

Both files are produced with
perl -le "sysopen(F, \"R:/firefox/LICENSE\", O_RDONLY); do { $n=
sysread(F, $buf, 2) } while ($n)"

Unfortunately I cannot put the server in debug 10 mode now because there
are some clients connected...

>> When are those buffering parameters negotiated? Do you have any idea why
>> the behavior depends on the connected user?
> 
> If it really depends on the connected user, then we need a
> debug level 10 log of smbd doing it. I would however suspect
> that this depends on the fact if a file is shared between
> two users or two applications on the same client box or not.

My test case was just reading the firefox LICENSE file, which isn't in
use by any other user. I can reproduce this behavior with arbitrary
other files.

Cheers,
--leo
-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria



[Samba] performance problem with 3.2.8: unbuffered reads for some users

2009-03-04 Thread Alexander 'Leo' Bergolth
Hi!

I'm experiencing strange performance problems after upgrading to samba
3.2.8 from 3.0.30.

For all users except smbadmin (who has administrative rights), read
performance is _very_ bad. Looking at the read-requests using filemon
and wireshark, I found out that for those users, every read is handled
transparently (unbuffered) over the net. (I.e. a 2 byte read-request of
the application leads to a 2 byte Read And X Request over the net.)

If the user is smbadmin, reads are block buffered. (A 2 byte
read-request of the same application as above leads to a 4096 byte Read
And X Request over the net.)

Clients are WinXP SP3.
For details, see my test below.

When are those buffering parameters negotiated? Do you have any idea why
the behavior depends on the connected user?
Any hints how I could further track down this problem?

Cheers,
--leo

The test was done using 2 byte reads on the windows box:
perl -le 'sysopen(F, "R:/firefox/LICENSE", O_RDONLY);
  do { $n= sysread(F, $buf, 2) } while ($n)'

The result can be found here:
smbadmin (buffered reads):
http://leo.kloburg.at/tmp/samba/smbadmin-tshark.txt

abergolth (unbuffered reads, same box):
http://leo.kloburg.at/tmp/samba/abergolth-tshark.txt

smb.conf
http://leo.kloburg.at/tmp/samba/smb.conf

-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria



[Samba] Manually expire duplicate netbios name

2009-03-01 Thread Alexander 'Leo' Bergolth
Hi!

Yesterday, after migrating to a new server, I accidentally started an
identically configured smbd and nmbd on the old machine.

Since then, there have been two netbios entries, even though the first host
(192.168.60.5) has been down since yesterday:

# nmblookup -U localhost -R 'SAMBA'
querying SAMBA on 127.0.0.1
192.168.60.5 SAMBA<00>
192.168.60.3 SAMBA<00>

I've already tried to remove NBT/SAMBA#20\0 from
/var/lib/samba/gencache.tdb using tdbtool. Besides, I deleted suspicious
entries from wins.dat. (Both with or without nmbd running.)
Unfortunately I don't know how to remove them from wins.tdb.

When restarting nmbd, it complains that there is already a domain master
browser, but it queries its own wins-server (192.168.60.3). (See below.)

Any hints on how I can manually delete the wrong ip address from the
netbios-cache / wins server?

Thanks,
--leo

Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/asyncdns.c:start_async_dns(155)
Mar  1 18:58:08 samba nmbd[23487]:   started asyncdns process 23488
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_logonnames.c:add_logon_names(160)
Mar  1 18:58:08 samba nmbd[23487]:   add_domain_logon_names:
Mar  1 18:58:08 samba nmbd[23487]:   Attempting to become logon server
for workgroup RK_KLBG on subnet 192.168.60.3
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_logonnames.c:add_logon_names(160)
Mar  1 18:58:08 samba nmbd[23487]:   add_domain_logon_names:
Mar  1 18:58:08 samba nmbd[23487]:   Attempting to become logon server
for workgroup RK_KLBG on subnet UNICAST_SUBNET
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336)
Mar  1 18:58:08 samba nmbd[23487]:   become_domain_master_browser_wins:
Mar  1 18:58:08 samba nmbd[23487]:   Attempting to become domain master
browser on workgroup RK_KLBG, subnet UNICAST_SUBNET.
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350)
Mar  1 18:58:08 samba nmbd[23487]:   become_domain_master_browser_wins:
querying WINS server from IP 192.168.60.3 for domain master browser name
RK_KLBG<1b> on workgroup RK_KLBG
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234)
Mar  1 18:58:08 samba nmbd[23487]:   become_domain_master_query_success:
Mar  1 18:58:08 samba nmbd[23487]:   There is already a domain master
browser at IP 192.168.60.5 for workgroup RK_KLBG registered on subnet
UNICAST_SUBNET.
Mar  1 18:58:08 samba nmbd[23487]: [2009/03/01 18:58:08,  0]
nmbd/nmbd_logonnames.c:become_logon_server_success(121)
Mar  1 18:58:08 samba nmbd[23487]:   become_logon_server_success: Samba
is now a logon server for workgroup RK_KLBG on subnet UNICAST_SUBNET
Mar  1 18:58:12 samba nmbd[23487]: [2009/03/01 18:58:12,  0]
nmbd/nmbd_logonnames.c:become_logon_server_success(121)
Mar  1 18:58:12 samba nmbd[23487]:   become_logon_server_success: Samba
is now a logon server for workgroup RK_KLBG on subnet 192.168.60.3

-- 
e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax  ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
