On Mon, 2020-12-21 at 13:18 -0500, Tom Diehl via samba wrote:
> Hi,
>
> I have an AD domain running 2 4.12.10 DCs. The domain has approx 150
> users and approx 200 devices.
>
> In looking at the size of one of the .ldb files I see the following:
> (vdc4 pts7) # ll -h /usr/local/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=KMG\,DC\=KEENANMOTORGROUP\,DC\=COM.ldb
> -rw-rw----. 2 root named 3.3G Dec 21 13:05 '/usr/local/samba/bind-dns/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=KMG,DC=KEENANMOTORGROUP,DC=COM.ldb'
> (vdc4 pts7) #
>
> If I understand things the max size of these files is 4GB.
>
> My questions are:
> 1. Is this a reasonable size for a domain this size?

No. I think something has created a lot of DNS records.

Are the files in a 'samba-tool domain backup online' produced tarfile
also as big?

These should represent the packed size of the DB, which would normally
be much smaller.

> 2. If this is reasonable, what is the best course forward?
> 3. If this seems large for a domain this size how do I troubleshoot
> this?

If we didn't have a bug with our offline backup tool and DLZ_BIND9 I
would take an offline backup with 'samba-tool domain backup offline',
but given that, shut everything down, including BIND9, and take a copy.

Then look at the DB both with ldbsearch and with lower level tools like
ldbdump to see what it is. tdbtool might also tell you something.

> 4. Is there a way to reduce/compress the size of the .ldb?

If the db is just fragmented, then a tdbbackup will compress it into
packed records, one after the other. But inside ldb we do this already
(but have to ignore the errors if it fails, and perhaps that is the
problem).

While tdbbackup is safe on a running DB, moving the .bak file over the
original is NOT, so do this with everything off.

> 5. Am I correct that if the ldb files get to 4GB they will stop
> working/corrupt?

Yes, but do be aware that we keep doubling the file size so it might be
much less than 4GB. It won't corrupt (at least it shouldn't), but it
might stop working.

Another DC could be joined to the domain using LMDB if the limit is a
concern.

I hope this helps a little.

Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
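
Added example (not part of the original message, and not Samba project code): one way to act on the "look at the DB with ldbsearch" step is to count DNS node entries per zone in saved ldbsearch LDIF output taken from the offline copy, to see which zone holds the unexpected records. It assumes the entries are AD `dnsNode` objects under `CN=MicrosoftDNS`; the sample LDIF and all names in it are constructed.

```python
import base64
from collections import Counter

# Constructed sample of ldbsearch-style LDIF; all names are invented.
_B64_DN = base64.b64encode(
    b"DC=_ldap._tcp,DC=_msdcs.example.test,CN=MicrosoftDNS,"
    b"DC=ForestDnsZones,DC=example,DC=test").decode()
SAMPLE_LDIF = """\
# record 1
dn: DC=pc01,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=te
 st
dNSTombstoned: TRUE

dn: DC=pc02,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=test
dNSTombstoned: TRUE

dn: DC=dc1,DC=example.test,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=test

dn:: """ + _B64_DN + "\n"

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry, unfolding wrapped lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # continuation of a folded line
        elif not raw.startswith("#"):         # skip '# record N' comments
            lines.append(raw)
    entry = {}
    for line in lines + [""]:
        if line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # 'attr:: ' marks a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        elif entry:                           # blank line ends the entry
            yield entry
            entry = {}

def summarize(text):
    """Return (entries per zone, tombstoned entries per zone) as Counters."""
    total, tombstoned = Counter(), Counter()
    for e in parse_ldif(text):
        rdns = e.get("dn", [""])[0].split(",")   # naive: assumes no escaped commas
        if len(rdns) < 3 or rdns[2].lower() != "cn=microsoftdns":
            continue                             # not a DNS node
        zone = rdns[1].partition("=")[2].lower()
        total[zone] += 1
        tombstoned[zone] += "TRUE" in e.get("dnstombstoned", [])
    return total, tombstoned
```

Calling `summarize()` on the text of a saved search and printing `total.most_common()` shows the zones with the most entries first; a zone whose count far exceeds the number of devices is where to look.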