[Samba] Samba 3.4 authentication suddenly very slow.

Don Krause

Jan 4, 2012, 2:40:03 PM
After a scheduled power outage, with all hosts cleanly shut down, I'm having a bad performance issue on my samba server.

This configuration has worked well for over a year, but after the power outage, attempting to access any share takes over a minute.

net ads testjoin is fine,
wbinfo -u and wbinfo -g return the correct information.

The shares CAN be accessed; once accessed, read and write performance is fine.

The problem is the initial access. I can do \\filehost from the windows box, and it immediately returns a folder showing all shares. Clicking on any share however, pauses for more than a minute, before allowing access.

Prior to the power outage, typing \\filehost in the Windows "run" box would pop up an auto complete with all available shares, it does not do that now.

I'm stuck on where to look next. I have the log level set to 10 in my smb.conf file.

Clients are mixed Win7 and XP, AD is 2008R2, Samba is 3.4.0 on Ubuntu.

From smb.conf:

[global]
workgroup = OPTIVUS
realm = OPTIVUS.COM
security = ADS
password server = optad.optivus.com
log level = 10
log file = /var/log/samba/%m.log
max log size = 50
unix extensions = No
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
hosts allow = 143.197.0.0/16, 172.24.0.0/16

Thanks!
--
Don Krause






Don Krause

Jan 4, 2012, 8:20:02 PM
Some additional info, I'm starting to believe that this is caused by an MS patch that was applied to our AD servers.

I've unarchived the original VMWare image of the test linux installation that we used to verify that 2008r2 AD and Samba would work with win7 clients, it behaves exactly the same way.

From windows, run \\test7 and it immediately returns the full list of available shares, however, click on a share, and it takes more than 1 full minute before access is granted.

Then, I set up a new VM, this time used Cent 6.2, with samba 3.5. Configured, joined the domain, etc.

net ads testjoin works, wbinfo works, kinit works, everything checks out, but in this case, the problem is worse.

Running \\test12 immediately brings up a list of all shares, attempting to click on any causes the > 1 min wait, but then access is denied.

Odd, the logs appear to say that access is granted.

[2012/01/04 16:14:40.004734, 3] lib/access.c:392(check_access)
check_access: no hostnames in host allow/deny list.
[2012/01/04 16:14:40.004933, 2] lib/access.c:409(check_access)
Allowed connection from (::ffff:172.24.143.3)
[2012/01/04 16:14:40.004981, 10] smbd/share_access.c:238(user_ok_token)
user_ok_token: share scully is ok for unix user dkrause

But win7 says that access is denied.

Losing my hair here…

Thanks!
--
Don Krause
Head Systems Geek,
Waver of Deceased Chickens.
Optivus Proton Therapy, Inc.
P.O. Box 608
Loma Linda, California 92354
909.799.8327 Tel
909.799.8366 Fax
dkr...@optivus.com
www.optivus.com
"This message represents the official view of the voices in my head."






Volker Lendecke

Jan 5, 2012, 3:30:02 AM
On Wed, Jan 04, 2012 at 05:18:11PM -0800, Don Krause wrote:
> Some additional info, I'm starting to believe that this is caused by an MS patch that was applied to our AD servers.
>
> I've unarchived the original VMWare image of the test linux installation that we used to verify that 2008r2 AD and Samba would work with win7 clients, it behaves exactly the same way.
>
> From windows, run \\test7 and it immediately returns the full list of available shares, however, click on a share, and it takes more than 1 full minute before access is granted.
>
> Then, I set up a new VM, this time used Cent 6.2, with samba 3.5. Configured, joined the domain, etc.
>
> net ads testjoin works, wbinfo works, kinit works, everything checks out, but in this case, the problem is worse.
>
> Running \\test12 immediately brings up a list of all shares, attempting to click on any causes the > 1 min wait, but then access is denied.
>
> Odd, the logs appear to say that access is granted.
>
> [2012/01/04 16:14:40.004734, 3] lib/access.c:392(check_access)
> check_access: no hostnames in host allow/deny list.
> [2012/01/04 16:14:40.004933, 2] lib/access.c:409(check_access)
> Allowed connection from (::ffff:172.24.143.3)
> [2012/01/04 16:14:40.004981, 10] smbd/share_access.c:238(user_ok_token)
> user_ok_token: share scully is ok for unix user dkrause
>
> But win7 says that access is denied.
>
> Losing my hair here…
>
> Thanks!

Full debug logs and a network trace might be helpful. For
creating useful network traces, see

http://wiki.samba.org/index.php/Capture_Packets

Thanks,

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kon...@sernet.de
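
An added example, not part of the original thread: one way to narrow down a minute-long stall in a full level 10 log before sending it on is to look for large time gaps between consecutive debug entries. The header format is taken from the log excerpt quoted above; the function names, the 5-second threshold and the sample (page lines with the third timestamp altered to create a gap) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Header line of a Samba debug entry, as quoted in this thread:
# [2012/01/04 16:14:40.004734, 3] lib/access.c:392(check_access)
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]\s+(\S+)"
)

def parse_entries(lines):
    """Yield (timestamp, debug_level, source_location) per header line."""
    for line in lines:
        m = HEADER.match(line.strip())
        if m:  # message body lines do not match and are skipped
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            yield ts, int(m.group(2)), m.group(3)

def find_stalls(lines, threshold=5.0):
    """Return (gap_seconds, location_before, location_after), largest first.

    A large gap means the process was waiting between those two log
    points, which is where to line the log up with a network trace.
    """
    entries = list(parse_entries(lines))
    stalls = []
    for (t0, _, loc0), (t1, _, loc1) in zip(entries, entries[1:]):
        gap = (t1 - t0).total_seconds()
        if gap >= threshold:
            stalls.append((gap, loc0, loc1))
    return sorted(stalls, reverse=True)

# Constructed sample: the three entries quoted in the thread, with the
# third timestamp changed so that a stall of about 62 seconds appears.
SAMPLE = """\
[2012/01/04 16:14:40.004734, 3] lib/access.c:392(check_access)
  check_access: no hostnames in host allow/deny list.
[2012/01/04 16:14:40.004933, 2] lib/access.c:409(check_access)
  Allowed connection from (::ffff:172.24.143.3)
[2012/01/04 16:15:42.510000, 10] smbd/share_access.c:238(user_ok_token)
  user_ok_token: share scully is ok for unix user dkrause
""".splitlines()

if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE):
        print(f"{gap:8.3f}s between {before} and {after}")
```

With `log file = /var/log/samba/%m.log` as in the posted smb.conf, the per-client log would be read with `open(path).readlines()` and passed to `find_stalls`.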

Don Krause

Jan 5, 2012, 2:20:02 PM

On Jan 5, 2012, at 12:21 AM, Volker Lendecke wrote:

> On Wed, Jan 04, 2012 at 05:18:11PM -0800, Don Krause wrote:
>> Some additional info, I'm starting to believe that this is caused by an MS patch that was applied to our AD servers.
>>
>> I've unarchived the original VMWare image of the test linux installation that we used to verify that 2008r2 AD and Samba would work with win7 clients, it behaves exactly the same way.
>>
>> From windows, run \\test7 and it immediately returns the full list of available shares, however, click on a share, and it takes more than 1 full minute before access is granted.
>>
>> Then, I set up a new VM, this time used Cent 6.2, with samba 3.5. Configured, joined the domain, etc.
>>
>> net ads testjoin works, wbinfo works, kinit works, everything checks out, but in this case, the problem is worse.
>>
>> Running \\test12 immediately brings up a list of all shares, attempting to click on any causes the > 1 min wait, but then access is denied.
>>
>> Odd, the logs appear to say that access is granted.
>>
>> [2012/01/04 16:14:40.004734, 3] lib/access.c:392(check_access)
>> check_access: no hostnames in host allow/deny list.
>> [2012/01/04 16:14:40.004933, 2] lib/access.c:409(check_access)
>> Allowed connection from (::ffff:172.24.143.3)
>> [2012/01/04 16:14:40.004981, 10] smbd/share_access.c:238(user_ok_token)
>> user_ok_token: share scully is ok for unix user dkrause
>>
>> But win7 says that access is denied.
>>
>> Losing my hair here…
>>
>> Thanks!
>
> Full debug logs and a network trace might be helpful. For
> creating useful network traces, see
>
> http://wiki.samba.org/index.php/Capture_Packets
>
> Thanks,
>
> Volker
>

Thanks Volker,

Things are magically working again this morning, after being slow for the last 3 days.

But, that hasn't solved my access issue on the new CentOS test box, but now that the panic has subsided, I'll
do a more careful job of looking into that one, and I'll post later if there's a real problem.

Thanks again!