Bug 6771 - Too much init_sam_from_ldap per user
Too much init_sam_from_ldap per user
Status: RESOLVED INVALID
Product: Samba 3.3
Classification: Unclassified
Component: User & Group Accounts
3.3.7
x86 Linux
: P3 critical
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-30 07:39 UTC by Bruno MACADRE
Modified: 2009-10-07 04:56 UTC (History)
0 users

See Also:


Attachments
My smb.conf (2.68 KB, text/plain)
2009-09-30 07:45 UTC, Bruno MACADRE
no flags Details
Sample of a workstation logfile (1.97 KB, text/plain)
2009-09-30 07:49 UTC, Bruno MACADRE
no flags Details
Logfile of one connection of a user with log level 10 activated (736.76 KB, application/octet-stream)
2009-10-06 10:31 UTC, Bruno MACADRE
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bruno MACADRE 2009-09-30 07:39:53 UTC
Hi,

I'm working on a big problem with a Samba PDC 3.3.7 with an OpenLDAP Backend.

The problem is, when a user try to log into a WinXP WorkStation, the Samba Server scan ALL the accounts in the LDAP (about 550 accounts for me). This behavior is the same for ALL users who try to log into ALL workstations (about 250). Finally the connexion succeed but it need to wait a little (about 10 seconds if this user is the only one to try to connect at this time).

The problem was bigger when (for practices sessions purpose) i've between 16 and 64 users trying to connect at the same time... the SAMBA server scan ALL accounts during each connexion (between 16 and 64 at the same time...). This results in a dramatically increase of the load average of the LDAP server, and a dramaticaly increase of the time a user need to wait to work on his workstation... When 2 working sessions starts at the same time (i.e. when about 30 users try to connect at the same time), the users must wait about 15 minutes before starting to work.

When i read the log for a workstation i see after the loading of the win profile multiples lines like : "init_sam_from_ldap: Entry found for user: user1"... In my case this line appears 551 times (with a different username on each)... this 551 "init_sam_from_ldap" must be multiplied by the number of workstation (about 250). So it's not abnormal that a connexion need 15 minutes to proceed when 30 users try to connect at the same time.

I'll put my smb.conf and a sample of workstation log file in attachment.
Comment 1 Bruno MACADRE 2009-09-30 07:45:59 UTC
Created attachment 4764 [details]
My smb.conf

My smb.conf
Comment 2 Bruno MACADRE 2009-09-30 07:49:53 UTC
Created attachment 4765 [details]
Sample of a workstation logfile

Sample of a workstation logfile. We can see lines like "init_sam_from_ldap", in reality this line appears 551 times.
Comment 3 Bruno MACADRE 2009-09-30 07:55:29 UTC
(In reply to comment #0)
Just for information, in Samba 3.4.1 i've got the same behavior
Comment 4 Volker Lendecke 2009-10-05 14:35:53 UTC
(In reply to comment #2)
> Created an attachment (id=4765) [details]
> Sample of a workstation logfile
> 
> Sample of a workstation logfile. We can see lines like "init_sam_from_ldap", in
> reality this line appears 551 times.
> 

Please supply a full debug level 10 log of such a login.

Volker
Comment 5 Bruno MACADRE 2009-10-06 04:53:15 UTC
(In reply to comment #4)
> (In reply to comment #2)
> > Created an attachment (id=4765) [details] [details]
> > Sample of a workstation logfile
> > 
> > Sample of a workstation logfile. We can see lines like "init_sam_from_ldap", in
> > reality this line appears 551 times.
> > 
> 
> Please supply a full debug level 10 log of such a login.
> 
> Volker
> 

Hi,

I've made a log level 10 for a connexion process of one user over one WinXP Pro Workstation. I've kept my smb.conf (cf attachment) unchanged, i've just added "ldapsam:trusted=yes", like you said on samba-list.

The logfile is huge (about 40Mb), the scan of the entire LDAP take a lot of lines ^^, so i can't attach this here. But you can find my log file at this URL :
http://dl.free.fr/vM7TdMTFM

Thanks by advance,
Bruno
Comment 6 Volker Lendecke 2009-10-06 05:15:22 UTC
How much is it if you compress it with bzip2 -9? If it's less than, say, 5MB, send it to me directly. Somehow this overloaded "free" download site does not give it to me. Probably this is only for IE8 users :-(

Volker
Comment 7 Bruno MACADRE 2009-10-06 10:30:06 UTC
(In reply to comment #6)
> How much is it if you compress it with bzip2 -9? If it's less than, say, 5MB,
> send it to me directly. Somehow this overloaded "free" download site does not
> give it to me. Probably this is only for IE8 users :-(
> 
> Volker
> 
Why i don't think to compress it... i'm so stupid sometimes :'( ... So compressed its size is about 800Kb ^^ I send it to you now and put it in attachement if anybody else want to check it.

DL Free site works with every browser, i never use Windows so i don't have IE at all. I'm working with firefox 2.0.0.20 and 3.5.2 !

Regards,
Bruno 
Comment 8 Bruno MACADRE 2009-10-06 10:31:11 UTC
Created attachment 4789 [details]
Logfile of one connection of a user with log level 10 activated
Comment 9 Volker Lendecke 2009-10-06 12:27:18 UTC
Set "hide unreadable = no" on the [netlogon] share.

I'm closing this bug as invalid, this is a configuration issue. Please re-open with a new log file if that does not help.

Volker
Comment 10 Bruno MACADRE 2009-10-07 04:56:02 UTC
(In reply to comment #9)
> Set "hide unreadable = no" on the [netlogon] share.
> 
> I'm closing this bug as invalid, this is a configuration issue. Please re-open
> with a new log file if that does not help.
> 
> Volker
> 
It works !! Thanks a lot. It's a strange behavior for this simple configuration issue, but when i read the log, it's logical...

Thanks again,
Bruno