Re: [Samba] Samba 3.5 - user authentication issues
On 10/31/2012 05:49 PM, Jakov Sosic wrote: idmap backend = rid:DOMAIN=1-4 idmap uid = 1-4 idmap gid = 1-4 winbind use default domain = Yes It seems this was culprit. I changed it to look like this: idmap backend = tdbsam idmap uid = 1-4 idmap gid = 1-4 idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 1-4 winbind use default domain = Yes and now it works. Hope this helps others too. -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining domain without password?
On 10/30/2012 06:53 AM, Andrew Bartlett wrote: By some means, we need to securely establish a shared secret between the machine and the DC. You could forward a kerberos ticket to the host, if that's easier to automate and use -k. The old (NT4) style of setting up the account first, which implicitly set the password to machinename, isn't exactly secure, so doesn't help much. (that was what smbpasswd -j used long ago). You can delegate the privilege of joining machines to the domain, which may lessen the impact of the password or kerberos ticket/keytab you forward, but the shared secret needs to be securely set up somehow. I've decided to create user with sole privilege of joining machines to domain, and automation works OK. Thank you. -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5 - user authentication issues
[2012/10/31 17:43:09.223677, 10] winbindd/winbindd.c:620(process_request) process_request: request fn DOMAIN_INFO [2012/10/31 17:43:09.223698, 3] winbindd/winbindd_misc.c:244(winbindd_domain_info) [19232]: domain_info [DOMAIN] [2012/10/31 17:43:09.223737, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[19232:DOMAIN_INFO]: deliverd response to client [2012/10/31 17:43:09.224236, 10] winbindd/winbindd.c:620(process_request) process_request: request fn AUTH_CRAP [2012/10/31 17:43:09.224273, 3] winbindd/winbindd_pam.c:1838(winbindd_pam_auth_crap) [19232]: pam auth crap domain: [DOMAIN] user: jakov.sosic [2012/10/31 17:43:09.224294, 8] lib/util.c:1894(is_myname) is_myname(DOMAIN) returns 0 [2012/10/31 17:43:09.230954, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[19232:AUTH_CRAP]: deliverd response to client [2012/10/31 17:43:09.231408, 10] winbindd/winbindd.c:593(process_request) process_request: Handling async request 19232:PING [2012/10/31 17:43:09.231437, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[19232:PING]: NT_STATUS_OK [2012/10/31 17:43:09.231472, 10] winbindd/winbindd.c:716(winbind_client_response_written) winbind_client_response_written[19232:PING]: deliverd response to client [2012/10/31 17:43:09.233042, 6] winbindd/winbindd.c:816(winbind_client_request_read) closing socket 20, client exited Problem is that this exact configuration works OK on both Solaris 10 samba (3.5.8) and CentOS 5 samba3x (3.5.10), but refuses to work on CentOS 6 samba (3.5.10)... Any ideas? -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Joining domain without password?
Hi. Is it possible somehow to join a Linux machine to a AD Domain without providing any password on a CLI? So far, I've been joining machines purely by: # net ads joint -U Administrator%password But now, I'm trying to automatize the process through puppet, but don't know if it's possible somehow to join domain without using administrator (or any other) password? I can ask domain admin to add the machine account by hand. I'm currently using Samba 3.5.x on RHEL 5 (samba3x rpms) and RHEL 6 (samba rpms). -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5 CIFS mounts - long standing issue...
Hi. I can see that this is a long long standing issue... Apparently things changed in Windows 2008 R2, and after upgrade of domain from R1 to R2 cifs mounts don't work anymore between Linux servers. Windows can see Samba shares and mount them, but CIFS on another Linux box cannot... Here is a thread with explanation in lenght: http://ubuntuforums.org/showthread.php?t=1178484 I get the exact same logs and errors... I've tested with smbclient and everything works but with CIFS - no way :( Has anybody succeded in solving this one? Mount with CIFS: # mount -t cifs //server/share /mnt -o username=jakov.sosic,password=***,domain=mydomain -v mount.cifs kernel mount options: unc=//server\share,ver=1,username=jakov.sosic,domain=mydomain,ip=xxx.xxx.xxx.xxx,pass= mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) Login with smbclient: # smbclient -U jakov.sosic //server/share Enter Administrator's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.4-0.83.el5_7.2] smb: \ I've tried adding various mount parameters like sec=ntlmv2, credentials=/path/to/file, but every attempt fails. Any ideas?!?!! Samba is version 3.5.4 on CentOS 5.7 on both Linux machines. -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5 CIFS mounts - long standing issue...
On 02/03/2012 03:44 PM, Shirish Pargaonkar wrote: On Fri, Feb 3, 2012 at 6:13 AM, Jakov Sosicjakov.so...@srce.hr wrote: Hi. I can see that this is a long long standing issue... Apparently things changed in Windows 2008 R2, and after upgrade of domain from R1 to R2 cifs mounts don't work anymore between Linux servers. Windows can see Samba shares and mount them, but CIFS on another Linux box cannot... Here is a thread with explanation in lenght: http://ubuntuforums.org/showthread.php?t=1178484 I get the exact same logs and errors... I've tested with smbclient and everything works but with CIFS - no way :( Has anybody succeded in solving this one? Mount with CIFS: # mount -t cifs //server/share /mnt -o username=jakov.sosic,password=***,domain=mydomain -v mount.cifs kernel mount options: unc=//server\share,ver=1,username=jakov.sosic,domain=mydomain,ip=xxx.xxx.xxx.xxx,pass= mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) Login with smbclient: # smbclient -U jakov.sosic //server/share Enter Administrator's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.4-0.83.el5_7.2] smb: \ I've tried adding various mount parameters like sec=ntlmv2, credentials=/path/to/file, but every attempt fails. Any ideas?!?!! Samba is version 3.5.4 on CentOS 5.7 on both Linux machines. Hm, it seems to be working now... I've added the following to smb.conf on the server: map untrusted to domain = yes restarted samba, tried - it wouldn't work. Removed that line, restarted again, tried again, now it works... Also, domain should be noted in lowercase. Don't know what fixed it ... Also if you have hidden share (with $ at the end of the name), you shouldn't escape it in /etc/fstab or in automount maps. PS: # modinfo cifs filename: /lib/modules/2.6.18-274.7.1.el5/kernel/fs/cifs/cifs.ko version:1.60RH description:VFS to access servers complying with the SNIA CIFS Specification e.g. Samba and Windows license:GPL author: Steve French sfre...@us.ibm.com srcversion: CB01A53173C481FE5E6FF69 depends: vermagic: 2.6.18-274.7.1.el5 SMP mod_unload gcc-4.1 parm: CIFSMaxBufSize:Network buffer size (not including header). Default: 16384 Range: 8192 to 130048 (int) parm: cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to 64 (int) parm: cifs_min_small:Small network buffers in pool. Default: 30 Range: 2 to 256 (int) parm: cifs_max_pending:Simultaneous requests to server. Default: 50 Range: 2 to 256 (int) module_sig: 883f3504ea08a83e35359b9fcadd15112127009f5cd5f84520a7fe8b58314afabd51ca0b12cf0760a0cdb12f7ec2dd33a5f842dcc57d643245b5f434 -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 problems with idmap rid
On 01/16/2012 09:15 AM, David Roid wrote: Ever since upgrade to 3.6, wbinfo -u working but wbinfo -i hitting WBC_ERR_DOMAIN_NOT_FOUND has been a headache, seems winbind always fails to get the domain info for individual idmap the VERY FIRST TIME you start it after upgrade or join a domain. Most of times I manage to solve it by using: smb.conf idmap config * : range = 1-2 idmap config * : backend = tdb idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : range = 10-20 idmap config MYDOMAIN : backend = rid smb.conf If above snip doesn't work, try your luck with changing idmap config * options back to old-style idmap uid/gid = + idmap backend = tdb while keeping your domain-specific options new-style, ought to solve it. My observation is, it's like you have to give winbind/idmap a kick start and once you get wbinfo -i working, you can again change back to idmap config * (otherwise testparm will complain). Yeah I tried that but then identity mapping is very strange. For instance, first user I ask for with wbinfo -i username gets UID 10001, second gets 10002, third 10003 - and that's nowhere near the behaviour of autorid in 3.5 :-/ -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 problems with idmap rid
Hi! I am using mainly Samba 3.5 on CentOS, and I was very pleased with idmap_rid backend for SID-to-RID mappings. But on Solaris 10, I can only use 3.6 because OpenCSW ships only 3.6. Problem is, things are changed and are not working as expected... Here is my config on RHEL Samba 3.5: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No password server = someserver.windomain.local log file = /var/log/samba/log.%m load printers = No local master = No domain master = No idmap backend = idmap_rid:WINDOMAIN=1-4 idmap uid = 1-4 idmap gid = 1-4 winbind use default domain = Yes cups options = raw And it works like a charm. On a version 3.6: [global] workgroup = WINDOMAIN realm = WINDOMAIN.LOCAL server string = localserver (Samba ver. %v) security = ADS allow trusted domains = No username map = /etc/opt/csw/samba/smbusers syslog = 0 log file = /var/opt/csw/samba/log/%m.log max log size = 500 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No local master = No domain master = No winbind use default domain = Yes idmap config * : range = 1-4 idmap config * : backend = rid : WINDOMAIN=1-4 Now, on a 3.6 I have the following problem: # net ads testjoin Join is OK # net rpc testjoin Join to 'WINDOMAIN' is OK # net getlocalsid SID for domain LOCALSERVER is: S-1-5-21-1414315435-1886595200-1013317001 # wbinfo -u | grep jakov.sosic jakov.sosic # wbinfo -i jakov.sosic failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user jakov.sosic Where am I wrong? Why can't I get rid mappings for domain users? -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 problems with idmap rid
On 01/15/2012 07:59 PM, Dale Schroeder wrote: Jakov, That looks similar to what Robert LeBlanc posted with Samba Bug 8676 (Debian Bug 652679). Compare his findings to what you see. https://bugzilla.samba.org/show_bug.cgi?id=8676 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679 On my test systems using RID, I see similar, but not identical symptoms to his HASH backend. For me, a reboot will restore connectivity until I need to restart Samba or winbind. Then nothing but another reboot will get winbind working again. On Solaris 10u10 and OpenCSW last Samba package (3.6.1) even reboot doesn't help :-/ -- Jakov Sosic www.srce.unizg.hr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP backend replication?
On 02/10/2010 12:34 PM, Adam Tauno Williams wrote: That won't work. But you can get OpenLDAP 2.4 packages from http://staff.telkomsa.net/packages/rhel5/openldap/i386/ for CentOS/RHEL. Well, I've found a solution that works. It seems that I've been missing two entries: a logbase and logfilter declarations. After I added them, replication works like a charm. But, second problem arose. I have different ldap bind dn's for replica and for master. When I want to add Windows machine to the domain, I get the following error: [2010/02/10 16:10:02, 5] lib/smbldap.c:rebindproc_connect_with_state(855) rebindproc_connect_with_state: Rebinding to ldap://MASTER_IP_ADDR/sambaDomainName=DOMAIN,dc=company,dc=com as uid=root,ou=people,dc=zimbra,dc=company,dc=com [2010/02/10 16:10:02, 3] passdb/passdb.c:samu_set_unix_internal(217) Could not allocate a new RID I guess problem is that uid=root,ou=people,dc=zimbra,dc=company,dc=com is not a correct bind DN in master LDAP, and master LDAP's DN is not root on slave. Is there a way to correct this issue? Any ideas? Thank you! -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] LDAP backend replication?
Hi to all! I've set up Zimbra LDAP (2.4) as master, and I want to use RHEL v5 LDAP (2.3) as a slave. This is relevant part of my slapd.conf on LDAP 2.3: # syncrepl directives syncrepl rid=101 provider=ldap://192.168.1.86 bindmethod=simple binddn=uid=zimbra,cn=admins,cn=zimbra credentials=PASSword searchbase=dc=company,dc=com schemachecking=on type=refreshAndPersist retry=60 + syncdata=accesslog # Refer updates to the master updateref ldap://192.168.1.86 Replication works OK, when I first start LDAP, it populates automatically. But after that initial data, it just doesn't pull anything anymore. I have to restart it, or it won't pull data from Master :( Problem is, when I add user to Zimbra LDAP (master), it does not propagate immediately data to slave LDAP. I don't even know what the interval is, I've never seen it happen in a few minutes after the Master LDAP is updated... Am I missing something? Shouldn't refreshAndPersist do it without any delay (or with minimal delay)? Should I run someting on zimbra LDAP side, or is the sync from LDAP 2.4 to LDAP 2.3 impossible? Would it be better to set something like: type=refreshOnly interval=00:00:00:01 but this just seems like a bruteforce to me :( I repeat, after I restart slave LDAP, all the new enteries appear magically. I'm really confused. Problems that occur with samba because of this is that I cannot add new machines to the domain, I get the username could not be found errors. I'm trying to free my samba of mater ldap, and bind it to slave ldap. That way, updates will be refered to master, but if master fails, users would still be able to log in. Is this a correct understanding or am I missing something? Thank you. -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Downgrade TDB files?
Hi. I've tried Samba 3.4.3 and it upgraded my passdb.tdb file. After testing I concluded that I'm not going to upgrade to 3.4.3 yet, because 'getent passwd' was broken in recent BlastWave Solaris packages: http://wiki.blastwave.org/forum/viewtopic.php?f=5t=447start=0 Now, after I downgraded the Samba back to 3.0.32, client connections started to malfunction. I saw these in my logs: [2010/01/04 10:54:08, 0] ../samba-3.0.32/source/passdb/pdb_tdb.c:(1049) tdbsam_getsampwnam: failed to open /etc/opt/csw/samba/private/passdb.tdb! [2010/01/04 11:06:13, 0] ../samba-3.0.32/source/passdb/pdb_tdb.c:(848) tdbsam_open: unknown version = 4 This causes winbind to coredump... Now, I've backed up passdb.tdb and restart samba, because this samba instance is just a domain member, and everything seems to work. But I wonder, is there a way to downgrade these files? Or is the backup/restore only solution? -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Extremly slow (3-4k/s) on Win clients while Linux clients work fine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elias Probst wrote: I've migrated a Win2k fileserver to Samba 3.0.33 on Gentoo (Kernel 2.6.28). I've haid similar problems with Samba from SUNW packages on Solaris. I've upgraded to BlastWave Samba (Dennis Clarke packages it), and it worked flawlessly from that point till this day. My advice would be, try different Samba version/relase from portage, and if it doesn't help, then try vanilla samba without any of the Gentoo - -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkmm24gACgkQMfwi35Zcri1l/gCg0sZTVFANaCCqtBasTzV99dIX IewAn0psvC8VFXEa0WGwTx71S0SGD1it =/kQj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 21:30:39 Dennis Clarke wrote: Well you have my attention .. too bad you don't have a purchase order. :-) What are your problems with the new CSWsamba .. please be specific. Problem with your version 3.2.2 is the following: # /opt/csw/bin/net -V Version 3.2.2 # /opt/csw/bin/net ads testjoin [2008/08/27 14:37:58, 0] ../samba-3.2.2/source/param/params.c:(531) params.c:OpenConfFile() - Unable to open configuration file /etc/opt/csw/samba/smb.conf: No such file or directory ADS support not compiled in -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Wednesday 27 August 2008 15:17:34 John Drescher wrote: # /opt/csw/bin/net ads testjoin [2008/08/27 14:37:58, 0] ../samba-3.2.2/source/param/params.c:(531) params.c:OpenConfFile() - Unable to open configuration file /etc/opt/csw/samba/smb.conf: No such file or directory ADS support not compiled in So do you have your smb.conf at /etc/opt/csw/samba/smb.conf Wow, I didn't even notice that the configuration changed path. But anyway, it doesn't help - what's with this part: # /opt/csw/bin/net ads testjoin [2008/08/27 15:42:53, 0] ../samba-3.2.2/source/param/loadparm.c:(7172) Ignoring unknown parameter realm ADS support not compiled in -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Wednesday 27 August 2008 15:43:49 Jakov Sosic wrote: # /opt/csw/bin/net ads testjoin [2008/08/27 15:42:53, 0] ../samba-3.2.2/source/param/loadparm.c:(7172) Ignoring unknown parameter realm ADS support not compiled in OK, it seems that 3.0.32 from blastwave (thanx Dennis) works OK. I just have to figure it out how to get my 'getent passwd'/'getent group' to work with this winbindd It worked nicely with Sun's, but now I just can't get it to. # /opt/csw/bin/wbinfo -u [list of Domain users] # /opt/csw/bin/wbinfo -g [list of domain groups] # getent passwd [only /etc/passwd users, no one from domain] So, now I will need some explanations to solve this one. I already have these enteries in /etc/nsswitch.conf group: files compat winbind passwd: files compat winbind And, what about modfying pam.conf and adding winbind.so is supposed to help with what? Or is it only to allow Domain users to ssh to server with their AD credentials? Because I don't need the ssh... When I try to access the share from the Windows workstation, login screen displays, and after entering credentials, log says the following (I beleive this is the relevant part): [2008/08/27 16:24:39, 3] reply_spnego_negotiate: Got secblob of size 1271 [2008/08/27 16:24:39, 10] secrets_named_mutex: got mutex for replay cache mutex [2008/08/27 16:24:39, 10] ads_secrets_verify_ticket: enc type [1] failed to decry pt with error Bad encryption type [2008/08/27 16:24:39, 10] ads_secrets_verify_ticket: enc type [3] failed to decry pt with error Bad encryption type [2008/08/27 16:24:39, 3] ads_secrets_verify_ticket: enc type [23] failed to decry pt with error Decrypt integrity check failed [2008/08/27 16:24:39, 10] secrets_named_mutex: released mutex for replay cache mu tex [2008/08/27 16:24:39, 3] ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2008/08/27 16:24:39, 10] ads_verify_ticket: returning error NT_STATUS_LOGON_FAIL URE [2008/08/27 16:24:39, 1] Failed to verify incoming ticket with error NT_STATUS_LO GON_FAILURE! [2008/08/27 16:24:39, 3] error packet at ../samba-3.0.32/source/smbd/sesssetup.c( 318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 00:56:22 Dennis Clarke wrote: Hi! I've installed Solaris 10 x86 (Core2Duo - x64) server, with Samba over ZFS RAID-Z. Samba is a part of Active Directory Domain. I've managed to join it to domain, to get the users and groups from A.D. and to translate them to Unix IDs. Everything works really good. Samba is installed from the packages from Solaris 10 DVD. Remove all the old CSWsamba packages. I already removed all the CSW packages... I installed them only to try the transfer rates with another Samba package. So you want to say that Sun packaged Samba has some problems and that's why the transfer rates are so messed up? But how can that be possible, I mean, Solaris is enterprise OS... And CSWSamba problem I had is the inability to join ADS. Go get Samba 3.0.31 at http://www.blastwave.org/testing/samba-3.0.31,REV=2008.08.22-SunOS5.8-i386- CSW.pkg.bz2 Or try Samba 3.2.2 : http://www.blastwave.org/testing/samba-3.2.2,REV=2008.08.22-SunOS5.8-i386-C SW.pkg.gz Pick one .. only one. Install it. You need to create your own /etc/init.d/cswsamba .. but I suggest something like this : http://www.blastwave.org/dclarke/stuff/samba/samba_3x_cswsamba.txt then create your smb.conf in /opt/csw/etc/samba Let me know how it goes. I will try it, although I hate this much experimenting with the machine that's supposed to go into production :( If the stuff works I think I will need to reinstall it from scratch :( But the main question is still the same - what about Samba packaged by Sun? From the system administrators point of view, it's working absolutely awesome (SVC startup methods, winbind, wins, PAM integration, getent, kerberos)... And to migrate all that stuff to CSW - I don't have a good experience with CSW samba so far in that point of view :( -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 18:23:18 Andrew Morgan wrote: Why not open a support ticket with Sun then, since it is their packaging of Samba that seems to be slow? :) Because I use Solaris without support, and I tought this could be a version issue perhaps (3.0.23 vs 3.0.28)? Also, I don't quite understand why is transfer performance dependant on log level settings. I mean, at 100Mbps, if log level is higher than 3 then performance drops significantly - like from theoretical 11MB/s to around 3MB/s. The hardware is powerfull enough (Core2Duo, Seagate Barracuda's 7200.11), so I just don't get it. There must be an explanation of some sort regardeless of who's the packager... -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 18:37:13 Jeremy Allison wrote: Upping the log level will kill performance. smbd does a flush after every line of a log write. OK, I've set it to 0, and still have issues with transfer rates being around 7.5-8.5 MB/s on a 100Mbit network. -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 19:23:19 Charles Marcus wrote: Max theortetical speed over a 100Mb network is 12.5MB, so 7.5-8.5 isn';t all that bad... Yes, I know that, but Windows Servers reach peak at around 10.5-11 MB/s. Also, If I switch to CSW Samba, transfer rates are almost exact (11MB/s). Then we switched server to 1Gbit interface, and Samba only manage to preform around 23MB/s. Theoretical limit is 125 MB/s, and again - CSW Samba on the same machine in the same conditions transfers files at 44MB/s (which is approximate limit of a local hard drive of a workstation). So obviously, Sun's Samba has some issues. On the other hand, I'm not satisfied with Blastwave's (CSW) Samba either. It has old SysV init script and not SVC method like it is supposed to on Solaris 10, and next problem is nmbd/winbindd don't have their scripts at all. I have to start them manually. I mean, CSW is a huge pain to maintain / configure / integrate but preforms well, while Sun's is completely oposite :( And I'm really keen to solve this one. I just can't get it - how can one Samba have issues with transfer rates, and another one not, with the same exact configuration? -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Slow and unpredictable Samba performance?
Hi! I've installed Solaris 10 x86 (Core2Duo - x64) server, with Samba over ZFS RAID-Z. Samba is a part of Active Directory Domain. I've managed to join it to domain, to get the users and groups from A.D. and to translate them to Unix IDs. Everything works really good. Samba is installed from the packages from Solaris 10 DVD. Only problem I have is the performance :( It's disastrous! On 100Mbit Realtek NIC, Samba can manage around 4 MB/s if log level is set to very high (10). If I lower it to 0, then transfer rates go up to 7.5-8.5MB/s and they fluctuate in that interval. On the same network, there is a Debian Samba server, and transfer rates go high as 10.5-11.0MB/s. Next test I did was switching to Gbit interface. That increased transfer rates up to 25 MB/s, but that is still 5 times slower than the theoretical limit. So, next thing I've tried was to switch to Blastwave (CSW) Samba instead of SUNW Samba My transfer rates went back to normal immediately! It was a bit of shock for me... I could transfer about 10MB/s on 100Mbit interface, and around 45MB/s on 1Gbit interface. 45MB/s is theoretically limit of the workstation hard drive I was doing transfers from. Sun packaged (SUNW) Samba is 3.0.28 patched today to the latest patchlevel, and CSW uses 3.0.23. I used CSW Samba with the exact same smb.conf file. Only problem is - I never managed to connect CSW samba to ADS on my network :( So I gave up on that, and I'm facing a dilemma. Managers request full speed of the Samba server (comparable to Linux/Windows shares), but I just can't connect to Domain with CSW package. So I'm asking you guys - any ideas what could be the problem with SUNW Samba and performance? Is it just the 3.0.28 vs 3.0.23 issue, or what? Why is there so big difference in transfer rates? :( I'm puzzled... -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba