Thomas Mainzer
2005-Apr-06 09:23 UTC
[Samba] Multiple Samba installations on one Solaris 8 machine
Hi!

We use the Winbind part of Samba 3 for authenticating users coming from the Squid Caching Server via NTLM with an NT4 domain. We have seven Squid instances and one Winbind instance running on a Sun Fire V480 with 4 CPUs.

We have some performance problems with approx. 10.000 users simultaneously surfing the web and we think Winbind is the problem. While using the transparent authentication, sometimes an input box comes up and asks the user to authenticate instead of doing this transparently.

Is there any possibility to install Samba/Winbind more than one time to spread the load on Winbind? What about the computer account needed with the NT4 domain? Can all installed Samba instances use one computer account for authenticating themselves to the NT4 domain?

Thanks for helping.

Thomas
Andrew Bartlett
2005-Apr-10 07:50 UTC
[Samba] Multiple Samba installations on one Solaris 8 machine
On Wed, 2005-04-06 at 11:22 +0200, Thomas Mainzer wrote:
> Hi!
>
> We use the Winbind part of Samba 3 for authenticating users coming
> from the Squid Caching Server via NTLM with an NT4 domain. We have
> seven Squid instances and one Winbind instance running on a Sun Fire
> V480 with 4 CPUs.
>
> We have some performance problems with approx. 10.000 users
> simultaneously surfing the web and we think Winbind is the
> problem. While using the transparent authentication, sometimes an
> input box comes up and asks the user to authenticate instead of doing
> this transparently.

Have you traced to see if the error is Samba failing, or simply the link between Squid and the Windows client failing?

> Is there any possibility to install Samba/Winbind more than one time
> to spread the load on Winbind? What about the computer account needed
> with the NT4 domain? Can all installed Samba instances use one
> computer account for authenticating themselves to the NT4 domain?

It is not really possible to set up multiple copies of winbind on a single machine, aside from a chroot(), because of the socket in /tmp.

However, winbind can be made better - I looked into the idea of having multiple outstanding requests to the NT DC, using Samba4 as a research tool. This does not seem possible at this point, but we do need to keep looking at it. Perhaps this is why Microsoft demands that their NTLM proxy server be a BDC... (or so I understand).

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
Thomas Mainzer
2005-Apr-11 12:44 UTC
[Samba] Multiple Samba installations on one Solaris 8 machine
Hello Andrew,

On Apr 10, 2005 9:50 AM, Andrew Bartlett <abartlet@samba.org> wrote:
> On Wed, 2005-04-06 at 11:22 +0200, Thomas Mainzer wrote:
> > Hi!
> >
> > We use the Winbind part of Samba 3 for authenticating users coming
> > from the Squid Caching Server via NTLM with an NT4 domain. We have
> > seven Squid instances and one Winbind instance running on a Sun Fire
> > V480 with 4 CPUs.
> >
> > We have some performance problems with approx. 10.000 users
> > simultaneously surfing the web and we think Winbind is the
> > problem. While using the transparent authentication, sometimes an
> > input box comes up and asks the user to authenticate instead of doing
> > this transparently.
>
> Have you traced to see if the error is Samba failing, or simply the link
> between Squid and the Windows client failing?
>

We tried Samba 2 before. When such an event occurred, the helpers were crashing very rapidly and Squid used to terminate abnormally and start again.

> > Is there any possibility to install Samba/Winbind more than one time
> > to spread the load on Winbind? What about the computer account needed
> > with the NT4 domain? Can all installed Samba instances use one
> > computer account for authenticating themselves to the NT4 domain?
>
> It is not really possible to set up multiple copies of winbind on a
> single machine, aside from a chroot(), because of the socket in /tmp.
>
> However, winbind can be made better - I looked into the idea of having
> multiple outstanding requests to the NT DC, using Samba4 as a research
> tool. This does not seem possible at this point, but we do need to keep
> looking at it. Perhaps this is why Microsoft demands that their NTLM
> proxy server be a BDC... (or so I understand).

What about the computer account that is needed for each Samba installation? Is it possible to use one single computer account for multiple Samba instances? Is it possible that all Samba installations share one "secrets.tdb"?

We made multiple installations of winbind possible after compiling a unique socket path in every instance.

> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net

Thanks in advance

Thomas

----------------------------------
An Apple a day keeps Windows away!