Trent W. Buck
2013-Nov-04 06:02 UTC
[Samba] is sssd *faster* than samba4's builtin winbind?
Using samba 4.0.9 as an AD DC (no other domain servers).
Since my UIDs and GIDs have changed, I was doing cleanup:
find /srv/svn/ -xdev '(' -nouser -o -nogroup ')' -ls
I noticed this was very slow -- iostat reported only about 2tps and
50kB/s to my disks. So I timed it with nsswitch.conf users & groups set
to "files" vs. "files winbind":
# with "files"
root at gumbo:~# time find /srv/svn/ -xdev \
'(' -nouser -o -nogroup ')' -printf x >x
real 0m1.992s
user 0m1.364s
sys 0m0.580s
# with "files winbind"
root at gumbo:~# time find /srv/svn/ -xdev \
'(' -nouser -o -nogroup ')' -printf x >x
real 1m17.193s
user 0m4.956s
sys 0m4.508s
I haven't bothered trying sssd yet, because winbind worked.
But this slowdown freaks me out.
Is this normal for the samba4 AD/builtin winbind?
Should I report it to the samba BTS?
Is sssd noticably better in this respect?
The database is not unusually large:
# ldbsearch -H tdb:///var/lib/samba/private/sam.ldb cn |
grep -c ^dn:
605
# du -sh /var/lib/samba/private/
60M /var/lib/samba/private/
Matthieu Patou
2013-Nov-04 06:12 UTC
[Samba] is sssd *faster* than samba4's builtin winbind?
On 11/03/2013 10:02 PM, Trent W. Buck wrote:> Using samba 4.0.9 as an AD DC (no other domain servers). > Since my UIDs and GIDs have changed, I was doing cleanup: > > find /srv/svn/ -xdev '(' -nouser -o -nogroup ')' -ls > > I noticed this was very slow -- iostat reported only about 2tps and > 50kB/s to my disks. So I timed it with nsswitch.conf users & groups set > to "files" vs. "files winbind": > > # with "files" > root at gumbo:~# time find /srv/svn/ -xdev \ > '(' -nouser -o -nogroup ')' -printf x >x > real 0m1.992s > user 0m1.364s > sys 0m0.580s > > # with "files winbind" > root at gumbo:~# time find /srv/svn/ -xdev \ > '(' -nouser -o -nogroup ')' -printf x >x > real 1m17.193s > user 0m4.956s > sys 0m4.508s > > I haven't bothered trying sssd yet, because winbind worked. > But this slowdown freaks me out. > > Is this normal for the samba4 AD/builtin winbind? > Should I report it to the samba BTS?It's a known issue, we are working at merging the winbindd used in member mode (ie. the one that was here in 3.x version) with the one in AD to get most of the speed of this winbindd when working as a AD DC. Matthieu. -- Matthieu Patou Samba Team http://samba.org
Reasonably Related Threads
- function can permanently modify calling function via substitute?
- samba_dnsupdate: could not talk to any default name server
- enumerating group members with nss_winbind (4.0.9 as AD DC)
- My samba can't see its own groups! (4.0.9 as solo AD DC)
- [Bug 117] OpenSSH second-guesses PAM