I have to mention too that the workstations are windows XP.
-------- Message original --------
Sujet: HUGE delays during logon time
Date : Wed, 16 Feb 2011 15:47:36 +0100
De : ?ric le h?naff <eric.le.henaff at ens.fr>
Pour : samba at lists.samba.org
Hello list
i recently replaced (1st of january) our old samba server
(debian+samba3.0.14a) to a new one (debian squeeze+samba3.5.6).
we now have HUGE delays during logon time, up to 8 minutes. The client
and servers seems to do nothing during that time.
This afternoon, i tried to logon to a workstation. Here is the log.
in log.ul_102:
[2011/02/16 14:53:31.267254, 1] smbd/service.c:1070(make_connection_snum)
ul_102 (::ffff:129.199.59.66) connect to service profiles initially
as user *** (uid=1416, gid=513) (pid 2644)
[2011/02/16 15:26:45.286766, 1] smbd/service.c:1251(close_cnum)
ul_102 (::ffff:129.199.59.66) closed connection to service profiles
[2011/02/16 15:26:45.319614, 1] smbd/service.c:1070(make_connection_snum)
ul_102 (::ffff:129.199.59.66) connect to service netlogon initially
as user *** (uid=1416, gid=513) (pid 2644)
[2011/02/16 15:26:48.103532, 1] smbd/service.c:1070(make_connection_snum)
ul_102 (::ffff:129.199.59.66) connect to service users initially as
user *** (uid=0, gid=513) (pid 2644)
So it took 33 minutes !!!
It seems it's getting worse.
Is it a known problem ? Anybody else encountered it ?
Is there a way to correct the problem ?
The first connection to service profiles failed. It restarted 33 minutes
later and succeeded.
The problem may come from service profiles. We have roaming profiles and
have problems with them. But i think that if the profiles where
misconfigured, it should'nt work at all, should it?
Thanks for any suggestions or solutions.
here is my smb.conf :
#======================= Param?tres globaux ======================[global]
## Browsing/Identification ###
workgroup = ***
netbios name = ***
server string = %h
## PDC
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
local master = Yes
dns proxy = no
wins support = yes
#### Debugging/Accounting ####
# c'est ? dire le log
log file = /var/log/samba/log.%m
syslog = 0
panic action = /usr/share/samba/panic-action %d
log level = 1
########## Authentification ##########
#
security = user
# met ? jour le mdp ldap en plus du mdp win
# utile pour les applis qui s'authentifient sur le ldap comme cotation
ldap passwd sync = Yes
# LDAP
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=ens,dc=fr
ldap suffix = dc=ens,dc=fr
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = off
add machine script = /usr/sbin/smbldap-useradd -w "%u"
# j'ai lu qu'il fallait -W pour les win7 ; ? v?rifier
rename user script = /usr/sbin/smbldap-usermod -r '%unew'
'%uold'
#### Impression ####
load printers = yes
printing = cups
printcap name = cups
# printer admin = "@Domain Admins"
#### Divers ####
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819
# j'aime pas les oplocks!! alors j'enl?ve
use sendfile = no
oplocks = no
level2 oplocks = no
# Serveur de temps (net time \\serveur /set /y)
time server = yes
map acl inherit = yes
#======================= D?finitions des partages ======================
### Partages des utilisateurs
[profiles]
path = /shares/profiles
read only = no
create mask = 0600
# create mask = 0640
directory mask = 0700
# directory mask = 0750
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
admin users = ***
[users]
path = /shares/users
read only = No
directory mode = 0770
create mode = 0770
admin users = "@Domain Admins"
[groups]
path = /shares/groups
read only = No
# pour les repertoires
directory mode = 0750
# pour les fichiers
create mode = 0740
admin users = "@Domain Admins"
vfs object = recycle
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = yes
recycle:repository = .recycle/%U
recycle:exclude = *#
recycle:minsize = 1
### partages du syst?mes
[netlogon]
comment = Network Logon Service
path = /shares/netlogon
read only = No
browsable = No
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
browseable = no
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
valid users = "@Domain Admins" @"Print Operators"
write list = "@Domain Admins" @"Print Operators"
create mask = 0664
directory mask = 0775
### petits partages utiles aux informaticiens
[scripts]
comment = scripts partag?s
path = /shares/scripts
read only = no
admin users = "@Domain Admins"
[wpkg]
comment = wpkg
path = /shares/wpkg
valid users = "@Domain Admins"
read only = no
(END)
--
?ric LE H?NAFF
?cole normale sup?rieure de Paris, rue d'ulm - RUBENS
Informaticien, Ing?nieur d?veloppements et syst?mes aupr?s du R?seau des
biblioth?ques de l'ENS
Pr?f?rez firefox! http://www.mozilla-europe.org/fr/
SVP, ?vitez de m'envoyer des attachements au format Word, Excel ou
PowerPoint.
Pr?f?rez les formats rtf, csv, html ou pdf au lieu des formats word et
excel.
Voir http://www.gnu.org/philosophy/no-word-attachments.fr.html pour plus
d'explications.
