Hello, I have defined 20.000 users on a Samba-server. The samba-server takes care of domain logons. When several users try to authenticate at THE SAME time the server can't follow: only the first users can succesfully logon. When they don't logon simultaneously there's no problem. For example: 20 users log on at exactly the same time. This situation occurs in our pc-rooms when students log on at the start of a course. When I look at the server, I see that the cpu-idle time is 0 % when that many users try to connect at the same time. The clients receive an error : "The password you supplied is incorrect or access to the logon server has been denied". I suspect that the reason is that our smbpasswd is quite big (2 Mb) and for each connection the server has to look up the user in this file to see if he's a valid user or not. The server is a Pentium 166 MHz. If we would user a faster server, things would be better, but I still fear errors when many users log on at the same time since our worst case scenario is that 200 users log on simultaneously (we have 9 pc-rooms). Solution: I didn't use the smbpasswd file but I used the passwd file instead. I have a database version of the passwd file in /var/db/password.db. I had to set encrypt passwords to no and apply the registry change on Win95 to enable plaintext passwords.. Does anyone know whether this is also possible with smbpasswd? I mean, create a database file or any other solution. Thanks, Werner Maes KULeuven
werner maes wrote:> I have defined 20.000 users on a Samba-server. > When several users try to authenticate at THE SAME time the server can't > follow: only the first users can succesfully logon.> I suspect that the reason is that our smbpasswd is quite big (2 Mb) and > for each connection > the server has to look up the user in this file to see if he's a valid > user or not.Yup! It's a timing problem. Another university had it too, and diagnosed it as such: you can simulate it with a bunch of smbclients running parallell.> Solution: I didn't use the smbpasswd file but I used the passwd file > instead. I have > a database version of the passwd file in /var/db/password.db. I had to > set encrypt > passwords to no and apply the registry change on Win95 to enable > plaintext passwords.. >Putting the password file into dbm obviously is the correction! So would be a dbm version of the samba password file. Personally (I have a bias, see below), I'd leave the passwords in the dbm'd /etc/password and put a copy of the plain-password .reg files in a passwordless share and in people's logon.bat files. --dave [ The Windows encrypted-password scheme is necessary but not sufficient on the internet, but just silly on private nets. Since all the data is sent in plain text anyway, you need firewalls and VPNs for any use of smb] -- David Collier-Brown in Boston Phone: (781) 442-0734, Room BUR03-3632
[werner maes]> I have defined 20.000 users on a Samba-server. The samba-server takes > care of domain logons.[...]> The server is a Pentium 166 MHz. If we would user a faster server, > things would be better, but I still fear errors when many users log > on at the same time since our worst case scenario is that 200 users > log on simultaneously (we have 9 pc-rooms).Try asking an NT guru for tips on tuning an NT Server for 200 simultaneous logins in a database of 20000 users, all from a single Pentium 166 PDC. The immediate answer: "You must be mad. Upgrade immediately." This is what I love about Samba and Unix: these kinds of things are actually possible. I think you've hit on the right solution -- database files instead of a flat text file. I don't know if this has been implemented in Samba; I don't see any evidence that it has. Alternatively, you can make use of an external database. Samba-TNG seems to have some support for LDAP, LDAP/Windows 2000, and MySQL as database backends. (Of those three, I believe Samba-2.0.6 only supports LDAP.) One advantage to using a client-server approach like these is that it makes it easy to share the workload between two computers (the database server and the Samba server). Peter
At 13:37 15/04/2000 -0500, Peter Samuelson wrote:> >[werner maes] >> I have defined 20.000 users on a Samba-server. The samba-server takes >> care of domain logons. >[...] >> The server is a Pentium 166 MHz. If we would user a faster server, >> things would be better, but I still fear errors when many users log >> on at the same time since our worst case scenario is that 200 users >> log on simultaneously (we have 9 pc-rooms). > >Try asking an NT guru for tips on tuning an NT Server for 200 >simultaneous logins in a database of 20000 users, all from a single >Pentium 166 PDC. The immediate answer: "You must be mad. Upgrade >immediately." This is what I love about Samba and Unix: these kinds of >things are actually possible. > >I think you've hit on the right solution -- database files instead of a >flat text file. I don't know if this has been implemented in Samba; I >don't see any evidence that it has. Alternatively, you can make use of >an external database. Samba-TNG seems to have some support for LDAP, >LDAP/Windows 2000, and MySQL as database backends. (Of those three, I >believe Samba-2.0.6 only supports LDAP.) One advantage to using a >client-server approach like these is that it makes it easy to share the >workload between two computers (the database server and the Samba >server).What I've done so far: * I've set encrypt passwords = no * Applied the registry patch on my clients * Use a databased version of /etc/passwd, /var/db/password.db. I do not know whether it's possible to create a database file from /etc/smbpasswd. * I've done some tests with LDAP (openldap). This seems to work but I still have to test whether it works fine with 60 concurrent logins. With LDAP it's possible to do authentication against the LDAP-server instead of passwd. * Ideas? Werner