Hello,

I wanted to let you know that I'm able to successfully work with 20000 users and several concurrent logon sessions.

Instead of using /etc/smbpasswd or /etc/passwd, I chose to use /var/db/password.db. I created this file using the makefile which is located in the /var/db directory. I suppose this is an indexed version of /etc/passwd and works a lot faster than the regular flat file.

Also I changed the entries for passwd and shadow in /etc/nsswitch.conf from

    passwd files nis ...
    shadow files nis ...

to

    passwd db
    shadow db

I have two Samba servers:

Server1 (authentication server):

    security = user
    encrypt passwords = no
    domain logons = yes

Server2 (server with the shares):

    security = server
    encrypt passwords = no
    password server = server1

I've tested the servers with 50 logon sessions in about half a minute. No problems: all the clients were successfully logged on. This was NOT the case when we used /etc/passwd or /etc/smbpasswd because of the heavy CPU consumption of the smbd processes (idle = 0%).

Although I referred to the database files in /etc/nsswitch.conf, for some strange reason /etc/passwd was still used on the server with the share. Therefore I used a standard /etc/passwd file instead of the passwd file with the 20000 users. And this works fine and fast.

I suppose it's in the Samba code that it will look in /etc/passwd first when you have set security = server. Can anyone confirm this? So even if you tell Linux to use the database files, Samba won't necessarily do so.

My question:

If you have set security = server, for what processes exactly is /etc/passwd used? I know that you NEED to have an account on the Samba server. This is because the Unix operating system needs a username to perform various I/O operations.

During these tests, I encountered some errors.

* When I deleted the entry 'smbpasswd file = /etc/smbpasswd' (which I don't need since I have encrypt passwords = no) and tried to restart the daemons, I got the following error (on the server with the shares, server2):

    [2000/04/20 13:04:11, 0] passdb/passdb.c:pdb_generate_sam_sid(843)
      can't create private directory : No such file or directory
    [2000/04/20 13:04:11, 0] smbd/server.c:main(658)
      ERROR: Samba cannot create a SAM SID.

* When a user successfully logged on, I got these strange errors on the authentication server:

    [2000/04/25 09:28:48, 0] smbd/password.c:password_ok(551)
      Error: challenge not done for user=u19331

Maybe bugs?

By the way, as you can see I work with a Redhat distribution. The location of the files may be found in other directories if you work with another distribution.

Kind regards,

Werner Maes
KULeuven

***
*** HTML mail not accepted here.
*** multipart/alternative strongly discouraged.
***

[werner maes]
> I suppose it's in the Samba-code that it will look in /etc/passwd
> first when you have set security = server. Can anyone confirm this?
> So even if you tell Linux to use the database files, Samba won't
> necessarily do so.

Samba uses the standard C library functions getpwnam(), getpwuid(), etc, which on Linux should honor nsswitch.conf. You might try a short test:

    #include <stdio.h>
    #include <sys/types.h>
    #include <pwd.h>

    int main(int argc, char *argv[])
    {
        struct passwd *p;

        if (argc < 2) {
            fprintf(stderr, "usage: %s username\n", argv[0]);
            return 2;
        }
        /* Resolved through whatever sources nsswitch.conf selects. */
        p = getpwnam(argv[1]);
        if (p) {
            printf("user    : %s\n"
                   "passwd  : %s\n"
                   "uid     : %ld\n"
                   "gid     : %ld\n"
                   "comment : %s\n"
                   "homedir : %s\n"
                   "shell   : %s\n",
                   p->pw_name, p->pw_passwd, (long)p->pw_uid, (long)p->pw_gid,
                   p->pw_gecos, p->pw_home, p->pw_shell);
            return 0;
        } else {
            printf("`%s': user not found\n", argv[1]);
            return 1;
        }
    }

Completely untested at this end. But something like this should allow you to determine whether getpwnam() is using nsswitch or not. It will also tell you whether shadow passwords are in effect (if a non-root user can retrieve the "passwd" field, they aren't).

> If you have set security = server, for what processes exactly is
> /etc/passwd used? I know that you NEED to have a account on the
> Samba server. This is because the Unix operating system needs a
> username to perform various I/O operations.

Well, technically Unix needs a numeric userid (not a username) to perform these operations; getpwnam() translates between name and numeric ID. I assume you knew this and that this is what you meant. Unix user permissions also depend on what groups the user is a member of, so /etc/group is also consulted (via getgrent() or whatever, of course).
Finally, the [homes] share, if you use that, depends on knowing a user's home directory.

> * When I deleted the entry 'smbpasswd file = /etc/smbpasswd' (which I
>   don't need since I have encrypt passwords = no) and tried to
>   restart the daemons, I got the following error (on the server with
>   the shares, server2):
>
> [2000/04/20 13:04:11, 0] passdb/passdb.c:pdb_generate_sam_sid(843)
>   can't create private directory : No such file or directory
> [2000/04/20 13:04:11, 0] smbd/server.c:main(658)
>   ERROR: Samba cannot create a SAM SID.

Probably it is trying to create /etc/samba/private or /usr/local/samba/private or something. Consult Red Hat documentation or run `strings /usr/sbin/smbd' (or wherever), to determine the default location for private files.

> * When a user successfully logged on, I got these strange errors on the
>   authentication server..
>
> [2000/04/25 09:28:48, 0] smbd/password.c:password_ok(551)
>   Error: challenge not done for user=u19331

Dunno.
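
A follow-up to the test program in the reply, as an added example that is not part of either message: it compares the getpwnam() result with a flat passwd file, so a name that resolves but is not listed in that file must have been answered by another nsswitch.conf source such as db. The function names and the enum are assumptions made for this example.

```c
/* Added example (not from the thread): which source answered getpwnam()? */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>

enum pw_source { PW_NOT_FOUND, PW_IN_FLAT_FILE, PW_OTHER_NSS_SOURCE };

/* 1 if `name` is the first colon-separated field of some line in `path`. */
int in_flat_file(const char *path, const char *name)
{
    char line[1024];
    size_t n = strlen(name);
    int found = 0, line_start = 1;
    FILE *f = fopen(path, "r");

    if (!f)
        return 0;
    while (!found && fgets(line, sizeof line, f)) {
        found = line_start && strncmp(line, name, n) == 0 && line[n] == ':';
        line_start = strchr(line, '\n') != NULL; /* next chunk starts a line */
    }
    fclose(f);
    return found;
}

/* Resolved through NSS at all, and if so, also listed in the flat file? */
enum pw_source classify_user(const char *name, const char *flat_path)
{
    if (!getpwnam(name))
        return PW_NOT_FOUND;
    return in_flat_file(flat_path, name) ? PW_IN_FLAT_FILE : PW_OTHER_NSS_SOURCE;
}

int main(int argc, char *argv[])
{
    static const char *label[] = { "not found", "listed in flat file",
                                   "answered by another NSS source" };
    const char *flat = argc > 2 ? argv[2] : "/etc/passwd";

    if (argc < 2) {
        fprintf(stderr, "usage: %s username [passwd-file]\n", argv[0]);
        return 2;
    }
    printf("%s: %s\n", argv[1], label[classify_user(argv[1], flat)]);
    return 0;
}
```

Probe with a name that exists only in the database, since a name present in both places is reported as listed in the flat file.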