Bug 6070 - modify the winbind source code to open more than one connection for auth
Summary: modify the winbind source code to open more than one connection for auth
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 enhancement
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-01-27 16:31 UTC by Marcell ZAMBO
Modified: 2012-04-24 19:37 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Marcell ZAMBO 2009-01-27 16:31:34 UTC
The current winbind implementation use only one connection for auth.

here is some irc log, from #samba-technical channel:

01/15/09 18:35:39 <zmarci> hi all
01/15/09 18:38:41 <zmarci> i read the manual, howtos, and lot of ms bullshit, but i can't understand how can i tuning winbind auth performance, i created a litle test script with ntlm_auth helper, and testing in ADS environment and always get 170-190 auth request/sec
01/15/09 18:39:25 <zmarci> i tried 1, 2,8,16 parallel "thread", but the result is same, always 170-190 auth request/sec, no more
01/15/09 18:39:37 <vl> zmarci: You would need to provide a sniff of this, so that we can see if it's the client or the DC who is limiting speed
01/15/09 18:40:31 <zmarci> the "clients" (the test script) running on the samba server, the dc is in same ethernet lan with samba server
01/15/09 18:40:39 <zmarci> ping delay less 0.2ms
01/15/09 18:40:45 <vl> zmarci: I know what you mean.
01/15/09 18:40:53 <vl> zmarci: We'd need sniffs.
01/15/09 18:41:09 <vl> zmarci: It's highly likely that the DC is the bottleneck.
01/15/09 18:42:11 <zmarci> i found one interesting registry key in the windows server ... maxconcurrentapi
01/15/09 18:42:42 <vl> zmarci: do you have a kb number for that?
01/15/09 18:42:54 <zmarci> when i change the default value (0) to 5 the winbind connected more thread to dc
01/15/09 18:43:07 <vl> huh?
01/15/09 18:43:17 <zmarci> vl, sorry but i dont understand bottleneck ... ;)
01/15/09 18:43:39 <vl> By bottleneck I mean the component that limits the performance
01/15/09 18:43:47 <zmarci> ok, thx
01/15/09 18:44:22 <zmarci> with the default maxcon... winbind connect with 2 connections to dc
01/15/09 18:44:40 <zmarci> after the change connects with 5 connections
01/15/09 18:44:46 <zmarci> (to the 445 port)
01/15/09 18:44:48 <vl> No, I doubt that.
01/15/09 18:45:09 <vl> how can a parameter on the server influence winbind behaviour?
01/15/09 18:45:26 <vl> winbind for auth purposes only ever makes one connection.
01/15/09 18:45:41 <vl> We could expand that, but nobody has done it so far.
01/15/09 18:46:10 <zmarci> how?
01/15/09 18:46:37 <vl> Well, just modify the winbind source code to open more than one connection.
01/15/09 18:46:48 <bmarshmn> _just_ ;)
01/15/09 18:47:12 <vl> bmarshmn: Shouldn't be too hard, really. Just fork two domain children.
01/15/09 18:47:46 <vl> The scheduler in the parent would have to be modified, but that's doable as well.
01/15/09 18:48:11 <vl> nevertheless, I'm off for 1-2 hours
01/15/09 18:48:13 <vl> cu later
Comment 1 Marcell ZAMBO 2009-02-05 22:44:08 UTC
in the enterprise environment need more effective auth subsystem performance, please do it :)
Comment 2 Guenther Deschner 2009-08-06 18:41:37 UTC
possible enhancement for 3.5 then.
Comment 3 Karolin Seeger 2010-01-25 05:34:02 UTC
Too late for enhancements in 3.5. Raising version.
Comment 4 Volker Lendecke 2012-04-24 19:37:30 UTC
Fixed in 3.6 with "winbind max domain connections".