Re: [Samba] Speed differences for windows clients
Your points would be a good explanation if the speed difference would occur with linux clients as well. But from linux the connection speed is close to the 1Gbit limit. Details on the setup: Linux (ubuntu 12.04 lts x64) and Windows (7 x64) clients are the same machine, just booting a different OS, an have both a 1Gbit ethernet connection and are separated through a 2x10 Gbit firewall from the two servers. The fast server has a 1 Gbit network connection, the slow server 10 Gbit (yes, that's one reason why I'm confused). The shares of both servers are the same raid file system with 400MB/s writing speed. Firewall (iptables) rules are identically on the servers and the firewall between client and servers. So I think I removed causes from the hardware and connection side as much as possible (without rewiring half of my server room). Since there doesn't seem to be something simple I forgot to check I think I can live with the slower windows clients. Thanks! Am 8/13/2013 4:06 PM, schrieb L.P.H. van Belle: can be several things for explain the difference. 1) fragmentation. 2) testfile is on server 1 at the beginning of the disk, second server at the end. 3) is the hardware the same, if not, maybe the server nic drivers is better of server 1. 4) are the harddisk the same ? speed (rpm) , throughput? , size? just some things to consider. -Oorspronkelijk bericht- Van: philipp.l...@cin.uni-tuebingen.de [mailto:samba-boun...@lists.samba.org] Namens Philipp Lies Verzonden: dinsdag 13 augustus 2013 14:11 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] Speed differences for windows clients Thanks, but here is no socket option set. Here's the smb.conf w/o shares: [global] workgroup = XXX server string = Samba Server Version %v netbios name = XXX log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 security = user passdb backend = ldapsam:ldap://localhost ldap suffix = dc=... ldap admin dn = cn=... ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap passwd sync = No ldap ssl = start tls domain master = no domain logons = yes preferred master = yes os level = 35 Pretty minimal, that's why I thought maybe someone here knows if I should set some additional parameter. Am 8/13/2013 2:07 PM, schrieb Ricky Nance: If you have a socket options line in your config, comment it out and restart smbd and see if that helps. On Aug 13, 2013 4:17 AM, Philipp Lies philipp.l...@cin.uni-tuebingen.de wrote: Am 8/13/2013 10:50 AM, schrieb L.P.H. van Belle: Try the following. Since Win7 does traffic shaping. in adminstrative dos box. run netsh interface tcp set global autotuning=disabled ( the original setting is : netsh interface tcp set global autotuningl=normal ) and test again. Thanks, this boosted the speed ~5MB/s for both connections but the difference between server 1 and server 2 is still at ~10-15 MB/s. It's nothing critical, I'm just curious what could cause this. Cheers Philipp Gr. Louis -Oorspronkelijk bericht- Van: j...@samba.org [mailto:samba-boun...@lists.samba.org] Namens Jeremy Allison Verzonden: dinsdag 13 augustus 2013 2:18 Aan: Philipp Lies CC: samba@lists.samba.org Onderwerp: Re: [Samba] Speed differences for windows clients On Mon, Aug 12, 2013 at 10:00:18AM +0200, Philipp Lies wrote: Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Nope. Need more data :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Speed differences for windows clients
Am 8/13/2013 2:18 AM, schrieb Jeremy Allison: On Mon, Aug 12, 2013 at 10:00:18AM +0200, Philipp Lies wrote: Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Nope. Need more data :-). 0010111010100101000010 - enough data? ;-) What kind of information do you need? Philipp Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Speed differences for windows clients
Am 8/13/2013 10:50 AM, schrieb L.P.H. van Belle: Try the following. Since Win7 does traffic shaping. in adminstrative dos box. run netsh interface tcp set global autotuning=disabled ( the original setting is : netsh interface tcp set global autotuningl=normal ) and test again. Thanks, this boosted the speed ~5MB/s for both connections but the difference between server 1 and server 2 is still at ~10-15 MB/s. It's nothing critical, I'm just curious what could cause this. Cheers Philipp Gr. Louis -Oorspronkelijk bericht- Van: j...@samba.org [mailto:samba-boun...@lists.samba.org] Namens Jeremy Allison Verzonden: dinsdag 13 augustus 2013 2:18 Aan: Philipp Lies CC: samba@lists.samba.org Onderwerp: Re: [Samba] Speed differences for windows clients On Mon, Aug 12, 2013 at 10:00:18AM +0200, Philipp Lies wrote: Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Nope. Need more data :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Speed differences for windows clients
Thanks, but here is no socket option set. Here's the smb.conf w/o shares: [global] workgroup = XXX server string = Samba Server Version %v netbios name = XXX log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 security = user passdb backend = ldapsam:ldap://localhost ldap suffix = dc=... ldap admin dn = cn=... ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap passwd sync = No ldap ssl = start tls domain master = no domain logons = yes preferred master = yes os level = 35 Pretty minimal, that's why I thought maybe someone here knows if I should set some additional parameter. Am 8/13/2013 2:07 PM, schrieb Ricky Nance: If you have a socket options line in your config, comment it out and restart smbd and see if that helps. On Aug 13, 2013 4:17 AM, Philipp Lies philipp.l...@cin.uni-tuebingen.de wrote: Am 8/13/2013 10:50 AM, schrieb L.P.H. van Belle: Try the following. Since Win7 does traffic shaping. in adminstrative dos box. run netsh interface tcp set global autotuning=disabled ( the original setting is : netsh interface tcp set global autotuningl=normal ) and test again. Thanks, this boosted the speed ~5MB/s for both connections but the difference between server 1 and server 2 is still at ~10-15 MB/s. It's nothing critical, I'm just curious what could cause this. Cheers Philipp Gr. Louis -Oorspronkelijk bericht- Van: j...@samba.org [mailto:samba-boun...@lists.samba.org] Namens Jeremy Allison Verzonden: dinsdag 13 augustus 2013 2:18 Aan: Philipp Lies CC: samba@lists.samba.org Onderwerp: Re: [Samba] Speed differences for windows clients On Mon, Aug 12, 2013 at 10:00:18AM +0200, Philipp Lies wrote: Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Nope. Need more data :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Speed differences for windows clients
Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Philipp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary group SID mismatch
Thanks for the recommendations! I was hoping that there'd be a simple solution/config parameter to force the samba server trust the LDAP (it's still puzzling me why the other machines I have do work like that). I'll try to set up my new servers as DCs and see how this goes. The idea with using the samba servers for LDAP replication as well sounds interesting. I'll look into that as well. Thanks! Philipp On 21.06.2013 10:23, Daniel Müller wrote: For me the better way would be, to run serveral openldap servers in master master replication on your DC and several BDC. And no headache about anything. Or just point your BSCs to authenticate against the DCs openldap. But when your DC is down your authentication is gone. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Andrew Bartlett Gesendet: Freitag, 21. Juni 2013 09:58 An: Philipp Lies Cc: samba@lists.samba.org Betreff: Re: [Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary group SID mismatch On Thu, 2013-06-20 at 10:26 +0200, Philipp Lies wrote: Hi, I'm trying to get my new samba server running for a few days now and I start losing my mind over not figuring out what I'm doing wrong. Here's my setup: OpenLDAP 2.4.21 server with ~15 groups and 100 users, all having a unix and a samba NT password stored in the LDAP as well as a User SID and Primary Group SID assigned and stored in the LDAP, derived from the SID of the LDAP Server. Now I want several samba servers to use the LDAP server to authenticate users. If you want multiple samba servers to use the same LDAP backend, they essentially all need to be domain controllers of the same domain. This is the supported way to have a single backend shared between multiple servers. You don't need to ever use the DC function from windows clients, but the servers need to think they are a DC. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba+LDAP: NT_STATUS_UNSUCCESSFUL because of primary group SID mismatch
Hi, I'm trying to get my new samba server running for a few days now and I start losing my mind over not figuring out what I'm doing wrong. Here's my setup: OpenLDAP 2.4.21 server with ~15 groups and 100 users, all having a unix and a samba NT password stored in the LDAP as well as a User SID and Primary Group SID assigned and stored in the LDAP, derived from the SID of the LDAP Server. Now I want several samba servers to use the LDAP server to authenticate users. One samba server is a CentOS 6.3 configured with NSS/PAM using the ldap server. getent passwd/group returns all users and ssh to the samba machine works for all users. Samba is v3.6.9-151.el6. Now here's the smb.conf (I removed the shares): [global] workgroup = X security = user passdb backend = ldapsam:ldap://myldapserver ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=replicator,dc=mydomain,dc=com ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap ssl = start tls The ldap connection works, as `pdbedit -L` shows pm_process() returned Yes smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=SAMBAHOSTNAME))] StartTLS issued: using a TLS connection smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server The LDAP server is successfully connected smbldap_search_paged: base = [dc=mydomain,dc=com], filter = [((uid=*)(objectclass=sambaSamAccount))],scope = [2], pagesize = [1024] smbldap_search_paged: search was successful sid S-1-5-21-[LDAPSID]-5168 does not belong to our domain and then the last message repeats for all uids. Using `smbclient -L localhost -U someid` the log file says: check_ntlm_password: Checking password for unmapped user [XXX]\[someid]@[SAMBAHOST] with the new password interface check_ntlm_password: mapped user is: [SAMBAHOST]\[someid]@[SAMBAHOST] StartTLS issued: using a TLS connection smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server The LDAP server is successfully connected init_sam_from_ldap: Entry found for user: someid Home server: SAMBAHOST Home server: SAMBAHOST init_group_from_ldap: Entry found for group: 1011 init_group_from_ldap: Entry found for group: 1011 Primary group S-1-5-21-[LDAPSID]-1000 for user someid is a UNKNOWN and not a domain group Forcing Primary Group to 'Domain Users' for someid ntlm_password_check: Checking NTLMv2 password with domain [CIN] sam_account_ok: Checking SMB password for user someid The primary group domain sid(S-1-5-21-[LOCALSID]-513) does not match the domain sid(S-1-5-21-[LDAPSID]) for someid(S-1-5-21-[LDAPSID]-5708) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL' check_ntlm_password: Authentication for user [someid] - [someid] FAILED with error NT_STATUS_UNSUCCESSFUL What I see here is that the samba server does not recognize the primary group of the user (which is an existing group in the LDAP) and therefor maps the primary group to its local Domain Users group which then obviously does not match the domainSID of the userid. But why doesn't the samba server recognize the group? Or is there a different underlying problem? What I tried so far: Changing the SID of the samba server to the SID of the LDAP server, but `net setlocalsid S-...` did not change the local SID. No error message, just executed successfully but getlocalsid returned the old SID. Setting the domainsid of the samba server to the SID of the ldap server. `net setdomainsid S-...` was successful but the samba server still refuses to authenticate the users. Tried adding the server to the domain with `net join XXX` but the answer was just standalone server cannot join domain. I tried to run `smbpasswd -a` to add the user to the local samba db (even though this would not be an option for the final solution, but that's what other users recommended), but the error didn't change. How can I either tell samba to ignore the domain SID mismatch or force samba to have the same SID as the LDAP? Or would this cause other problems if ~10 Samba Server and the LDAP in the end all have the exact same SID? Strangely I have debian/ubuntu servers where I have the same configuration but there it works. The difference I see is that in the debian system after the Primary Group ... is UNKNOWN there is no forcing to Domain Users as group and samba just checks the password of the user and doesn't care about the primary group SID. Any ideas what I'm missing there? Philipp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
