Re: [Samba] winbind + samba limits with large AD?
Volker Lendecke schrieb: On Wed, Jul 11, 2007 at 06:16:12PM +0200, Ralf Gross wrote: [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 Update /lib/libnss_winbind.so with the version you just compiled and reboot. That worked and now I've got 3.2 running. One thing I also noticed with the ubuntu package: the groupnames are only numbers. I [EMAIL PROTECTED]:~$ /opt/samba32/bin/wbinfo -r ralfgro 2003 2004 2005 2006 2007 2008 2009 [...] [EMAIL PROTECTED]:~$ id -a uid=2000(ralfgro) gid=2000 Gruppen=2000 [EMAIL PROTECTED]:~$ ls -l insgesamt 0 lrwxrwxrwx 1 ralfgro 2000 26 2007-07-12 08:27 Examples - /usr/share/example-content -rw-r--r-- 1 ralfgro 2000 0 2007-07-12 08:29 foo [EMAIL PROTECTED]:~$ ls -la insgesamt 24 drwxr-xr-x 2 ralfgro 2000 4096 2007-07-12 08:43 . drwxr-xr-x 4 rootroot 4096 2007-07-12 08:27 .. -rw-r--r-- 1 ralfgro 2000 220 2007-07-12 08:27 .bash_logout -rw-r--r-- 1 ralfgro 2000 414 2007-07-12 08:27 .bash_profile -rw-r--r-- 1 ralfgro 2000 2298 2007-07-12 08:27 .bashrc lrwxrwxrwx 1 ralfgro 2000 26 2007-07-12 08:27 Examples - /usr/share/example-content -rwxr--r-- 1 ralfgro 20000 2007-07-12 08:29 foo -rw-r--r-- 1 ralfgro 2000 566 2007-07-12 08:27 .profile -rwxr--r-- 1 ralfgro 20000 2007-07-12 08:43 test [EMAIL PROTECTED]:~$ chgrp users test chgrp: Ändern der Gruppe für test: Operation not permitted I must still be missing something... Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross schrieb: One thing I also noticed with the ubuntu package: the groupnames are only numbers. I [EMAIL PROTECTED]:~$ /opt/samba32/bin/wbinfo -r ralfgro 2003 2004 2005 2006 2007 2008 2009 [...] I obviously screwed the nsswitch.conf. After correcting this, I get the group names. But the whole thing is still very fragile. A simpe 'id -a' takes ages and I just killed winbind after one minute with this result. [EMAIL PROTECTED]:~$ id -a uid=2000(ralfgro) gid=2000(emea\domain users) Gruppen=2000(emea\domain users),2003(emea\emtc_tsrv_restrict_cul_a),2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2022,2025,2026,2028,2029,2033,2035,2036,2037,2038,2039,2041,2042,2043,2044,2046,2048,2049,2050,2051,2053,2054,2056,2057,2058,2059,2060,2062,2063,2064,2066,2067,2069,2070,2071,2072,2073,2075,2076,2079,2080,2081,2082,2083,2084,2085,2086,2088,2089,2090,2093,2094,2099,2103,2109,2111,2113,2114,2115,2116,2119,2122,2125,2126,2127,2130,2131,2133 This is the debug output of a second try... [2007/07/12 09:28:10, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2004 [2007/07/12 09:28:10, 1] nsswitch/winbindd_group.c:getgrsid_sid2gid_recv(760) Can't find domain from name (EMEA\EMTC_ITS_MTC) [2007/07/12 09:28:10, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2005 [2007/07/12 09:28:15, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1099) ads lookup_groupmem for sid=S-1-5-21-1482476501-1450960922-725345543-152681 succeeded --- pause [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6915]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(554) [ 6914]: request location of privileged pipe [2007/07/12 09:30:33, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2008 [2007/07/12 09:30:33, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1099) [...] [2007/07/12 09:39:21, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2076 [...] During this command no connection to any share was possible! Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross schrieb: Now after executing 'id -a' I got a panic: [2007/07/12 10:28:28, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6998]: getgrgid 2054 [2007/07/12 10:28:38, 0] libsmb/clientgen.c:cli_receive_smb_internal(136) Receiving SMB: Server stopped responding [2007/07/12 10:28:38, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789) rpc_api_pipe: Remote machine smtcd001.emea.corpdir.net pipe \lsarpc fnum 0x8005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(40) === [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 6905 (3.2.1pre1-SVN-build-23823) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(44) === [2007/07/12 10:28:38, 0] lib/util.c:smb_panic(1655) PANIC (pid 6905): internal error [2007/07/12 10:28:38, 0] lib/util.c:log_stack_trace(1759) BACKTRACE: 18 stack frames: #0 /opt/samba32/sbin/winbindd(log_stack_trace+0x2d) [0x8142eab] #1 /opt/samba32/sbin/winbindd(smb_panic+0x78) [0x8142fd9] #2 /opt/samba32/sbin/winbindd [0x812e72e] #3 [0xe420] #4 /lib/tls/i686/cmov/libc.so.6(vsnprintf+0xb4) [0xb7d8eb54] #5 /opt/samba32/sbin/winbindd(talloc_vasprintf+0x3b) [0x81254ec] #6 /opt/samba32/sbin/winbindd(talloc_asprintf+0x2e) [0x812563f] #7 /opt/samba32/sbin/winbindd [0x80d4662] #8 /opt/samba32/sbin/winbindd [0x80ba8a9] #9 /opt/samba32/sbin/winbindd [0x80afeea] #10 /opt/samba32/sbin/winbindd [0x80b1c89] #11 /opt/samba32/sbin/winbindd [0x80db102] #12 /opt/samba32/sbin/winbindd [0x80dbe15] #13 /opt/samba32/sbin/winbindd [0x80da383] #14 /opt/samba32/sbin/winbindd [0x80a9220] #15 /opt/samba32/sbin/winbindd(main+0xdef) [0x80aa0db] #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc) [0xb7d45ebc] #17 /opt/samba32/sbin/winbindd [0x80a8031] [2007/07/12 10:28:38, 0] lib/fault.c:dump_core(180) dumping core in /opt/samba32/var/cores/winbindd Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Hello Ralf, could you please for debugging this raise your log level to 10 (and possibly set max log size to 0 to prevent rotation of log files). For the stack trace to be more meaningful, it would also be good to have samba compiled with CFLAGS=-g (debugging symbols) and without optimizations (no -O, -O2, ... flag). Furthermore the configure option --enable-pie=no is useful. As for your setup: Could you provide your smb.conf file (secret stuff grayed out of course)? You should double check that no components are mixed between your system package samba installation and your hand-compiled version (sorry if I am stating obious things): * save your smb.conf * clean all of /opt/samba32 * recompile as stated above * reinstall * copy your smb.conf to /opt/samba32/lib (don't forget to raise log level to 10 and max log size = 0) * make sure to copy (or link) libnss_winbind.so to /lib/libnss_winbind.so (and /lib/libnss_winbind.so.2) * rejoin the domain * start nmbd/smbd/winbindd daemons * make your tests as before, using tools (wbinfo...) from /opt/samba32/bin when not using system commands (id, getent, ...) Then provide us with the logs - maybe bugzilla.samba.org is more approriate a place for this. Also some key data about your AD environment would be interesting to know: number of DCs, OS version of DCs, mode of AD (native 2003, ...) number of users, number of groups, size of largest groups involved in your tests, number of groups user is member of, ... Best, Michael On Thu, Jul 12, 2007 at 10:46:26AM +0200, Ralf Gross wrote: Ralf Gross schrieb: Now after executing 'id -a' I got a panic: [2007/07/12 10:28:28, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6998]: getgrgid 2054 [2007/07/12 10:28:38, 0] libsmb/clientgen.c:cli_receive_smb_internal(136) Receiving SMB: Server stopped responding [2007/07/12 10:28:38, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789) rpc_api_pipe: Remote machine smtcd001.emea.corpdir.net pipe \lsarpc fnum 0x8005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(40) === [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 6905 (3.2.1pre1-SVN-build-23823) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(44) === [2007/07/12 10:28:38, 0] lib/util.c:smb_panic(1655) PANIC (pid 6905): internal error [2007/07/12 10:28:38, 0] lib/util.c:log_stack_trace(1759) BACKTRACE: 18 stack frames: #0 /opt/samba32/sbin/winbindd(log_stack_trace+0x2d) [0x8142eab] #1 /opt/samba32/sbin/winbindd(smb_panic+0x78) [0x8142fd9] #2 /opt/samba32/sbin/winbindd [0x812e72e] #3 [0xe420] #4 /lib/tls/i686/cmov/libc.so.6(vsnprintf+0xb4) [0xb7d8eb54] #5 /opt/samba32/sbin/winbindd(talloc_vasprintf+0x3b) [0x81254ec] #6 /opt/samba32/sbin/winbindd(talloc_asprintf+0x2e) [0x812563f] #7 /opt/samba32/sbin/winbindd [0x80d4662] #8 /opt/samba32/sbin/winbindd [0x80ba8a9] #9 /opt/samba32/sbin/winbindd [0x80afeea] #10 /opt/samba32/sbin/winbindd [0x80b1c89] #11 /opt/samba32/sbin/winbindd [0x80db102] #12 /opt/samba32/sbin/winbindd [0x80dbe15] #13 /opt/samba32/sbin/winbindd [0x80da383] #14 /opt/samba32/sbin/winbindd [0x80a9220] #15 /opt/samba32/sbin/winbindd(main+0xdef) [0x80aa0db] #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc) [0xb7d45ebc] #17 /opt/samba32/sbin/winbindd [0x80a8031] [2007/07/12 10:28:38, 0] lib/fault.c:dump_core(180) dumping core in /opt/samba32/var/cores/winbindd Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- i.A. Michael Adam -- Michael Adam [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Michael Adam schrieb: could you please for debugging this raise your log level to 10 (and possibly set max log size to 0 to prevent rotation of log files). For the stack trace to be more meaningful, it would also be good to have samba compiled with CFLAGS=-g (debugging symbols) and without optimizations (no -O, -O2, ... flag). Furthermore the configure option --enable-pie=no is useful. As for your setup: Could you provide your smb.conf file (secret stuff grayed out of course)? You should double check that no components are mixed between your system package samba installation and your hand-compiled version (sorry if I am stating obious things): * save your smb.conf * clean all of /opt/samba32 * recompile as stated above * reinstall * copy your smb.conf to /opt/samba32/lib (don't forget to raise log level to 10 and max log size = 0) * make sure to copy (or link) libnss_winbind.so to /lib/libnss_winbind.so (and /lib/libnss_winbind.so.2) * rejoin the domain * start nmbd/smbd/winbindd daemons * make your tests as before, using tools (wbinfo...) from /opt/samba32/bin when not using system commands (id, getent, ...) Then provide us with the logs - maybe bugzilla.samba.org is more approriate a place for this. I would prefere to send this data to you directly and not publish it on the bts. I can remove some of the critical data from the log files, but not all. Also some key data about your AD environment would be interesting to know: number of DCs, OS version of DCs, mode of AD (native 2003, ...) number of users, number of groups, size of largest groups involved in your tests, number of groups user is member of, ... I can also send you this information to your mail address. Which one should I use? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Michael Adam schrieb: Assuming you have a web proxy, you can try rsync with setting the environment variable RSYNC_PROXY to $proxy_ip:$proxy_port (like export RSYNC_PROXY=192.168.0.1:3128 in bash). Proxy only allows port 80 and 443, 873 is blocked. http://svnanon.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id442180 I can't reach http://svnweb.samba.org/. That should probably be websvn instead of svnweb, but this is for inspecting single files and diffs, not for downloading the sources anyway. Ok, I thought there is a way to use svn+http to get the files. Is there another way to get the 3_2 release by svn/http? If you can't get it with rsync through http, I could put a tarball for download somewhere tomorrow. Just let me know. I was able to get it at home and put it on a cd :) The reason why lookup_groupmem gets used in ls -l at all is that the getgrgid library call is used to resolve the gids into names, and this call returns not only the name but the whole group structure, including the list of members. So to confirm my assumptions above, you could compare the runtime of ls -l to that of ls -ln: The latter should be much faster! Thanks for your reply, I'll try to get the source and compile it. This might take some time. BTW: wbinfo also wasn't working right and winbindd was not responding after issuing that command. By that command you mean ls -ln? And 'wbinfo -g' or 'wbinfo -u'. I couldnt't get the user and group and winbindd died after that command. Well, let's see what improvement the new version brings. BTW: The enhancements were made specifically for environments with hundreds of thousands of users and groups (and large groups!) in ad. Sounds promising! Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
On Mi, Jul 11, 2007 at 10:45:00 +0200, Ralf Gross wrote: Ok, I thought there is a way to use svn+http to get the files. Yes, svn supports svn co http://...; But the server has to support that transport too. I think this is not supported on svnanon.samba.org currently, have to check. I was able to get it at home and put it on a cd :) Great! Michael Adam schrieb: By that command you mean ls -ln? And 'wbinfo -g' or 'wbinfo -u'. I couldnt't get the user and group and winbindd died after that command. wbinfo -u/-g get the list of users/groups even if winbind enum users/groups is set to no in the config (it uses other means than the getpwent/getgrent system functions). If your number of users and groups is very large, wbinfo will currently time out, but winbindd will continue to complete the request. Well, let's see what improvement the new version brings. BTW: The enhancements were made specifically for environments with hundreds of thousands of users and groups (and large groups!) in ad. Sounds promising! I am interested to hear how the new version performs in your setup! Michael -- Michael Adam [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Michael Adam schrieb: I was able to get it at home and put it on a cd :) Great! In the meantime I compiled 3.2, but I've some problems with the machine account. I joined the domain with the ubuntu package some weeks ago (my desktop) and installed samba 3.2 to /opt. I tried to copy the old samba tdb files from /var/lib/samba to /opt/... but it seems that something went wong (it was just a quick trial and error attempt). I have to look into that in the next days. Michael Adam schrieb: By that command you mean ls -ln? And 'wbinfo -g' or 'wbinfo -u'. I couldnt't get the user and group and winbindd died after that command. wbinfo -u/-g get the list of users/groups even if winbind enum users/groups is set to no in the config (it uses other means than the getpwent/getgrent system functions). If your number of users and groups is very large, wbinfo will currently time out, but winbindd will continue to complete the request. Ok. Well, let's see what improvement the new version brings. BTW: The enhancements were made specifically for environments with hundreds of thousands of users and groups (and large groups!) in ad. Sounds promising! I am interested to hear how the new version performs in your setup! This might take some more days but I'll give feedback! Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross schrieb: I am interested to hear how the new version performs in your setup! This might take some more days but I'll give feedback! Ok, I was able to rejoin the domain. On host wu7e003: /opt/samba32# bin/wbinfo -t checking the trust secret via RPC calls succeeded /opt/samba32# bin/wbinfo -i ralfgro ralfgro:*:2000:2000::/home/ads/EMEA/ralfgro:/bin/bash But I can't connect to the host: smbclient //wu7e0003/ralfgro -U ralfgro -W emea Password: session setup failed: NT_STATUS_LOGON_FAILURE log.winbind: [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6340]: request interface version [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(554) [ 6340]: request location of privileged pipe [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(415) [ 6340]: domain_info [EMEA] [2007/07/11 18:06:02, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1727) [ 6340]: pam auth crap domain: [EMEA] user: ralfgro [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 [2007/07/11 18:06:02, 3] nsswitch/winbindd_misc.c:winbindd_ping(500) [ 6340]: ping log.wb-EMEA [2007/07/11 18:06:02, 3] nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1793) [ 6248]: pam auth crap domain: EMEA user: ralfgro log.smbd [2007/07/11 18:06:02, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [ralfgro] - [ralfgro] FAILED with error NT_STATUS_NO_SUCH_USER Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
On Wed, Jul 11, 2007 at 06:16:12PM +0200, Ralf Gross wrote: [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 Update /lib/libnss_winbind.so with the version you just compiled and reboot. Volker pgp1LGHcYlhv9.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Volker Lendecke schrieb: On Wed, Jul 11, 2007 at 06:16:12PM +0200, Ralf Gross wrote: [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 Update /lib/libnss_winbind.so with the version you just compiled and reboot. I changed the path to libnss_winbind.so in all relevant files in /etc/pam.d/, but I will try your suggestion tomrorrow and reboot. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind + samba limits with large AD?
Hi, a few months ago I tried to setup samba + winbind (debian etch, amd64, samba 3.0.24). I followed the howto and got the authentication running. But I had not much success with winbind. I disabled the user/group enumeration, but this didn't change it. A simple 'ls -l' in a directory with 10-20 files took minutes to return the list and most of the time winbindd just stopped working an no connection to the samba shares were possible. I had to kill the daemon. I'm only responsible for a couple of linux workstations, but our AD is quite large (10 or more entries). Before I start a new attempt to get winbindd working, I would like to know if this is possible at all without any further patches or secret tweaks? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Hi Ralf, I assume that you are using security = ads and I assume that your AD setup has groups with lots of members? This is a known problem then that has been fixed in current samba (SAMBA_3_2 as of today): The ads version of the function lookup_groupmem (used to retrieve the members of a given group) showed poor performance on large groups. I recently improved the performance of this call (starting with svn revisions r23070 and r23072). This is in SAMBA_3_2 and in SAMBA_3_2_0, so it will be in the next release (3.2.0). There is no way to improve the performance significantly with 3.0.24 (except patching). So I suggest that you grab the latest sources with svn (see http://www.samba.org/samba/devel/), you can also get the upcoming release branch SAMBA_3_2_0 here) or get the unpacked sources with rsync like so: rsync -avSH samba.org::ftp/pub/unpacked/samba_3_2/ ./samba_3_2 and then compile it yourself. The reason why lookup_groupmem gets used in ls -l at all is that the getgrgid library call is used to resolve the gids into names, and this call returns not only the name but the whole group structure, including the list of members. So to confirm my assumptions above, you could compare the runtime of ls -l to that of ls -ln: The latter should be much faster! Cheers, Michael On Di, Jul 10, 2007 at 10:08:00 +0200, Ralf Gross wrote: Hi, a few months ago I tried to setup samba + winbind (debian etch, amd64, samba 3.0.24). I followed the howto and got the authentication running. But I had not much success with winbind. I disabled the user/group enumeration, but this didn't change it. A simple 'ls -l' in a directory with 10-20 files took minutes to return the list and most of the time winbindd just stopped working an no connection to the samba shares were possible. I had to kill the daemon. I'm only responsible for a couple of linux workstations, but our AD is quite large (10 or more entries). Before I start a new attempt to get winbindd working, I would like to know if this is possible at all without any further patches or secret tweaks? Ralf -- Michael Adam [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Michael Adam schrieb: I assume that you are using security = ads and I assume that your AD setup has groups with lots of members? Yes, that's right. This is a known problem then that has been fixed in current samba (SAMBA_3_2 as of today): The ads version of the function lookup_groupmem (used to retrieve the members of a given group) showed poor performance on large groups. I recently improved the performance of this call (starting with svn revisions r23070 and r23072). This is in SAMBA_3_2 and in SAMBA_3_2_0, so it will be in the next release (3.2.0). Ok. There is no way to improve the performance significantly with 3.0.24 (except patching). So I suggest that you grab the latest sources with svn (see http://www.samba.org/samba/devel/), you can also get the upcoming release branch SAMBA_3_2_0 here) or get the unpacked sources with rsync like so: rsync -avSH samba.org::ftp/pub/unpacked/samba_3_2/ ./samba_3_2 and then compile it yourself. I can't use rsync or cvs from office. It seems that svnweb which is mentioned in the howto is not working anymore. http://svnanon.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id442180 I can't reach http://svnweb.samba.org/. Is there another way to get the 3_2 release by svn/http? The reason why lookup_groupmem gets used in ls -l at all is that the getgrgid library call is used to resolve the gids into names, and this call returns not only the name but the whole group structure, including the list of members. So to confirm my assumptions above, you could compare the runtime of ls -l to that of ls -ln: The latter should be much faster! Thanks for your reply, I'll try to get the source and compile it. This might take some time. BTW: wbinfo also wasn't working right and winbindd was not responding after issuing that command. Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
On Tue, 2007-07-10 at 23:33 +0200, Ralf Gross wrote: I can't reach http://svnweb.samba.org/. Is there another way to get the 3_2 release by svn/http? Use http://viewcvs.samba.org I will correct the howto. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
On Di, Jul 10, 2007 at 11:33:24 +0200, Ralf Gross wrote: Michael Adam schrieb: I assume that you are using security = ads and I assume that your AD setup has groups with lots of members? Yes, that's right. There is no way to improve the performance significantly with 3.0.24 (except patching). So I suggest that you grab the latest sources with svn (see http://www.samba.org/samba/devel/), you can also get the upcoming release branch SAMBA_3_2_0 here) or get the unpacked sources with rsync like so: rsync -avSH samba.org::ftp/pub/unpacked/samba_3_2/ ./samba_3_2 and then compile it yourself. I can't use rsync or cvs from office. It seems that svnweb which is mentioned in the howto is not working anymore. Assuming you have a web proxy, you can try rsync with setting the environment variable RSYNC_PROXY to $proxy_ip:$proxy_port (like export RSYNC_PROXY=192.168.0.1:3128 in bash). http://svnanon.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id442180 I can't reach http://svnweb.samba.org/. That should probably be websvn instead of svnweb, but this is for inspecting single files and diffs, not for downloading the sources anyway. Is there another way to get the 3_2 release by svn/http? If you can't get it with rsync through http, I could put a tarball for download somewhere tomorrow. Just let me know. The reason why lookup_groupmem gets used in ls -l at all is that the getgrgid library call is used to resolve the gids into names, and this call returns not only the name but the whole group structure, including the list of members. So to confirm my assumptions above, you could compare the runtime of ls -l to that of ls -ln: The latter should be much faster! Thanks for your reply, I'll try to get the source and compile it. This might take some time. BTW: wbinfo also wasn't working right and winbindd was not responding after issuing that command. By that command you mean ls -ln? Well, let's see what improvement the new version brings. BTW: The enhancements were made specifically for environments with hundreds of thousands of users and groups (and large groups!) in ad. Cheers, Michael -- Michael Adam [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba