Dear all, After using samba 3 for two years, I have just spent totally one week finishing setting up a samba 4 file system in my working school. There are about 200 computers, 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory profile and one GPO policy (which is printer download trust) is effective for all users. Logon script is for mapping four shares and 10 printers from the file server. Also, I have setup two additional DCs (with AD replication and DHCP server) for two other subnets in the hope to speed up the logon process. The benefits of Samba 4 are clear: more robust file serving (supporting the windows ACL), speedy printing (with the help of point and printer driver) and administration of AD through with windows remote admin tool. However, logon speed is just far from good. In the days of Samba 3.6, users can logon the system within 20 seconds, even with more than 80 users logon in the same time (two classes students login during computer lesson). Now, with only one user logging in (who is me), it takes nearly 60 seconds to do the logon. I have tried disabling drive and printer mapping in logon script and applying a registry hack (note 1) shorten the profile waiting time in windows 7 client side but it makes no difference in logon speed. I have taken a look on the document in sambaXP 2013: http://sambaxp.org/fileadmin/user_upload/SambaXP2013-DATA/thu/track1/Matthieu_Patou-Smaller_Faster_Scalier.pdf and two thread in samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-January/089755.html https://lists.samba.org/archive/samba-technical/2013-May/092332.html It seems that samba team is doing some great work in spotting the unindexed search in LDB as one of block in performance. Certainly, I can wait for the new version 4.0.X for the boost of performance. However, I am in deep panic when lessons are going to be launched on 1st September 2013 here in Hong Kong. Are there any patches so that I can a hot / dirty fix? Thanks for attending. Kinglok, Fong Note: "Set maximum wait time for the network if a user has a roaming...." to 1 (setting it to 0 will default it to 30 seconds) and "Startup policy processing wait time..." to 1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 841 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.samba.org/pipermail/samba/attachments/20130727/31921a88/attachment.pgp>
On Sat, Jul 27, 2013 at 8:20 AM, Kinglok, Fong <busywater at gmail.com> wrote:> Dear all, > > After using samba 3 for two years, I have just spent totally one week finishing setting > up a samba 4 file system in my working school. There are about 200 computers, > 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory > profile and one GPO policy (which is printer download trust) is effective for all users. > Logon script is for mapping four shares and 10 printers from the file server. Also, I > have setup two additional DCs (with AD replication and DHCP server) for two other > subnets in the hope to speed up the logon process.Hmmm, some further info might be useful. Is the Samba server an AD DC or a simple member server? Do you know (perhaps from a capture) whether the excess logon time is mostly caused by the initial authentication or by trying to retrieve the GPO and/or roaming profiles? Do you know whether or not Kerberos is being used or if the client is falling back to NTLM? -- Regards, Richard Sharpe (??????????--??)
On Sat, 2013-07-27 at 23:20 +0800, Kinglok, Fong wrote:> Dear all, > > After using samba 3 for two years, I have just spent totally one week > finishing setting up a samba 4 file system in my working school. > There are about 200 computers, 80+ staff, 1000 students and 10 > printers. The AD was properly setup, mandatory profile and one GPO > policy (which is printer download trust) is effective for all users. > Logon script is for mapping four shares and 10 printers from the file > server. Also, I have setup two additional DCs (with AD replication > and DHCP server) for two other subnets in the hope to speed up the > logon process. > > The benefits of Samba 4 are clear: more robust file serving > (supporting the windows ACL), speedy printing (with the help of point > and printer driver) and administration of AD through with windows > remote admin tool. However, logon speed is just far from good. > > In the days of Samba 3.6, users can logon the system within 20 > seconds, even with more than 80 users logon in the same time (two > classes students login during computer lesson). Now, with only one > user logging in (who is me), it takes nearly 60 seconds to do the > logon. I have tried disabling drive and printer mapping in logon > script and applying a registry hack (note 1) shorten the profile > waiting time in windows 7 client side but it makes no difference in > logon speed. > > I have taken a look on the document in sambaXP 2013: > http://sambaxp.org/fileadmin/user_upload/SambaXP2013-DATA/thu/track1/Matthieu_Patou-Smaller_Faster_Scalier.pdf > > and two thread in samba-technical mailing list: > https://lists.samba.org/archive/samba-technical/2013-January/089755.html > https://lists.samba.org/archive/samba-technical/2013-May/092332.html > > It seems that samba team is doing some great work in spotting the > unindexed search in LDB as one of block in performance.It is one block, but it is the one we expect to really hit at around 10000, not 1000-2000. As Richard has indicated, what we need from you is an indication of what operation is slow. Timeouts of this order indicate something different to a slow database - they indicate things like DNS timeing out. Once you work out which specific operation is blocking, we can investigate more - be it in regards to your network, or our code, we don't mind either way, but we need to work out which to look into. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz
On 07/27/2013 08:20 AM, Kinglok, Fong wrote:> Dear all, > > After using samba 3 for two years, I have just spent totally one week finishing setting up a samba 4 file system in my working school. There are about 200 computers, 80+ staff, 1000 students and 10 printers. The AD was properly setup, mandatory profile and one GPO policy (which is printer download trust) is effective for all users. Logon script is for mapping four shares and 10 printers from the file server. Also, I have setup two additional DCs (with AD replication and DHCP server) for two other subnets in the hope to speed up the logon process. > > The benefits of Samba 4 are clear: more robust file serving (supporting the windows ACL), speedy printing (with the help of point and printer driver) and administration of AD through with windows remote admin tool. However, logon speed is just far from good. > > In the days of Samba 3.6, users can logon the system within 20 seconds, even with more than 80 users logon in the same time (two classes students login during computer lesson). Now, with only one user logging in (who is me), it takes nearly 60 seconds to do the logon. I have tried disabling drive and printer mapping in logon script and applying a registry hack (note 1) shorten the profile waiting time in windows 7 client side but it makes no difference in logon speed. > > I have taken a look on the document in sambaXP 2013: > http://sambaxp.org/fileadmin/user_upload/SambaXP2013-DATA/thu/track1/Matthieu_Patou-Smaller_Faster_Scalier.pdf > > and two thread in samba-technical mailing list: > https://lists.samba.org/archive/samba-technical/2013-January/089755.html > https://lists.samba.org/archive/samba-technical/2013-May/092332.html > > It seems that samba team is doing some great work in spotting the unindexed search in LDB as one of block in performance. Certainly, I can wait for the new version 4.0.X for the boost of performance. However, I am in deep panic when lessons are going to be launched on 1st September 2013 here in Hong Kong. Are there any patches so that I can a hot / dirty fix? >I don't think the problem is in the database in your case, can you do a tcpdump trace starting just before the client is logging on and stopping it after the logon (ie the 60 sec or so), see https://wiki.samba.org/index.php/Capture_Packets on how to the tcpdump capture. With this trace we should be able to see where is the delay. Matthieu. -- Matthieu Patou Samba Team http://samba.org