Hi All,

I am using winbind and ntlm auth in Freeradius. At the moment that seems to be a major bottleneck. It seems like the ntlm_auth execution is taking a while; what all options can improve this?

For starters, adding TCP_NODELAY in smb.conf seems to have helped a little.

Many Thanks
L.P.H. van Belle
2017-Sep-01 09:43 UTC
[Samba] Advice on Winbindd and NTLM Auth Performance
Hai,

I suggest you post your OS info and smb.conf; that helps.

Greetz,

Louis
Hi Louis,

Yes, of course that would help, duh! Apologies. The OS is Fedora 25, Samba version samba-4.5.10-0.fc25.x86_64.

smb.conf:

    server string = Samba Server MY-NETWORKS
    hosts allow = 127.
    log file = /var/log/samba/log-MY-NETWORKS.%m
    log level = 0
    max log size = 50
    security = ads
    encrypt passwords = yes
    passdb backend = tdbsam
    load printers = no
    cups options = raw
    printcap name = /dev/null
    allow trusted domains = yes
    ntlm auth = yes
    WORKGROUP=MY-NETWORKS
    REALM=my-networks.com
    password server = x.x.x.x y.y.y.y
    pid directory = /var/run/samba/my-networks.com
    lock directory = /var/cache/samba/my-networks.com
    private dir = /var/cache/samba/my-networks.com
    winbindd socket directory = /var/cache/samba/my-networks.com
    winbindd privileged socket directory = /var/cache/samba/my-networks.com/winbindd_privileged
    smb passwd file = /var/cache/samba/my-networks.com
    state directory = /var/cache/samba/my-networks.com
    cache directory = /var/cache/samba/my-networks.com
    ntp signd socket directory = /var/cache/samba/my-networks.com
    winbind offline logon = true
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    getwd cache
    winbind max domain connections = 250
    winbind max clients = 5000

My question: can I cache the logins or do something to speed things up?

TIA
Andrew Bartlett
2017-Sep-01 10:10 UTC
[Samba] Advice on Winbindd and NTLM Auth Performance
On Fri, 2017-09-01 at 10:36 +0100, Arnab Roy via samba wrote:
> Hi All,
>
> I am using winbind and ntlm auth in Freeradius. At the moment that seems to
> be a major bottleneck. It seems like the ntlm_auth execution is taking a
> while , what all options can improve this .

What is your DC, and how far away is it network-wise?

Have you tried setting

    winbind max domain connections = 10

and

    winbind offline logon = no

(actually the default, but you might have set it without realising it doesn't help with NTLM authentication).

> For starters adding TCP_NODELAY in smb.conf seems to have helped a little.

That is unlikely to be at all related.

NTLM authentication has to be checked at the DC, so it can't be cached.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
L.P.H. van Belle
2017-Sep-01 10:10 UTC
[Samba] Advice on Winbindd and NTLM Auth Performance
Ok, I suggest you start here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Now, I can type out a correct config; below is missing multiple things. So I prefer you read the above, adjust, and post the smb.conf again (! before you apply it on the server).

As a pointer: where are the IDMAP lines, for example?

This way, we can tell what's still wrong, and why, and this should result in a better understanding for you, and in the end a small and good smb.conf.

Last, if you're able to upgrade to Fedora 26, you get Samba 4.6.7, which I really advise.

Greetz,

Louis
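The points raised in the replies above (offline logon, domain connection count, socket options, missing idmap lines), as an added example that is not part of the original thread or of Samba: a small Python reviewer run over a constructed subset of the posted smb.conf. The function names and finding ids are hypothetical, and the checks encode only the advice given in this thread.

```python
import re

# Constructed sample: a subset of the smb.conf posted in this thread.
SAMPLE = """\
security = ads
WORKGROUP=MY-NETWORKS
REALM=my-networks.com
winbind offline logon = true
socket options = TCP_NODELAY IPTOS_LOWDELAY
winbind max domain connections = 250
winbind max clients = 5000
"""

def parse_smb_conf(text):
    """Return {normalized parameter name: value}; later lines override earlier.

    Assumption: section headers are skipped and every parameter is treated
    as global, which matches the single-section config in the thread.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # smb.conf(5): parameter names ignore case and whitespace.
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def review(text):
    """Return findings keyed by a short id, based only on the thread's advice."""
    p = parse_smb_conf(text)
    findings = {}
    if p.get("winbindofflinelogon", "no").lower() in ("yes", "true", "1"):
        findings["offline-logon"] = "set, but does not help NTLM authentication"
    conns = p.get("winbindmaxdomainconnections")
    if conns is not None and conns.isdigit() and int(conns) != 10:
        findings["domain-connections"] = f"is {conns}; reply suggests trying 10"
    if "socketoptions" in p:
        findings["socket-options"] = "unlikely to affect ntlm_auth latency"
    if not any(k.startswith("idmapconfig") for k in p):
        findings["idmap"] = "no 'idmap config' lines present"
    return findings

if __name__ == "__main__":
    for key, msg in review(SAMPLE).items():
        print(f"{key}: {msg}")
```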