Scott Lovenberg wrote:
Gerald (Jerry) Carter wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Elvar wrote:
|
| Just an update on this. I recompiled and installed putting in 600
as the
| max simultaneous clients since they have 550 computers. After having
| done that, internet connectivity was working great for about a month
| whereas before daily max connections would be reached and users
would be
| stuck at the proxy auth prompt. Unfortunately the same thing occurred
| yesterday. What I don't understand is how it could be reached when the
| total number of computers is only 550.
Sounds like a web proxy server right ? so the question is
whether or not the proxy server is spawning multiple
auth requests to handle multiple connection attempts from
a single client or not.
| Any hints or feedback on this would be greatly appreciated. Output
from
| the log.winbindd file is below. I only pasted a few of them, but
the log
| had many listed in a row until the local IT person three finger
saluted
| the box.
|
| Also, is there any way to view the current number of winbindd
processes
| in use? I'd love to monitor that using Zabbix or something and have it
| auto respond when the total reaches 590 or something similar.
It's more about the number of open fds which includes the
ones between parent and child processes. Use lsof to monitor
and match the pid with right winbindd process. Also look at
what other files winbindd process have opened.
|
| [2008/04/08 09:40:54, 0] nsswitch/winbindd.c:process_loop(850)
| winbindd: Exceeding 600 client connections, no idle connection found
| [2008/04/08 09:40:55, 0] nsswitch/winbindd.c:rw_callback(383)
| PANIC: assert failed at nsswitch/winbindd.c(383)
| [2008/04/08 09:40:55, 0] nsswitch/winbindd.c:process_loop(850)
| winbindd: Exceeding 600 client connections, no idle connection found
| [2008/04/08 09:40:55, 0] nsswitch/winbindd.c:rw_callback(383)
which log file are these showing up in? And what version
of Samba is this?
|
|
|
| Kind regards,
| Elvar
|
Not sure if it means anything, but aren't there a number of addons
that use squid (ntlm_auth?) as an interface between samba and apache
or PAM? I've never been brave enough to go down that road, but
perhaps they've got something like that going on? 'lsof' should tell
the tale if that's the case, I suppose.
Yes, Squid comes with it's own NTLM AUTH mechanism but it does not
support the --require-membership option which allows me to force users
to be a part of a specific "internet access" group. That's why I'm using
winbindd.
Elvar
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
