On Tue, 12 Sep 2017 19:30:42 +0100 Miguel Medalha via samba <samba at lists.samba.org> wrote:

> Your problem probably comes from using the AD DC as a file server.
> The file server should be separated, as recommended by the Samba
> team. I get close to wire speed on dedicated member servers.
>
> With version 4.4.2, changes in behaviour for the "server signing" and
> "client signing" parameters were introduced to address the Badlock
> bug. Those changes can impact file transfer speed. Please read the
> following, specifically the paragraphs relating to CVE-2016-2114 and
> CVE-2016-2115.
>
> https://www.samba.org/samba/history/samba-4.4.2.html

You can use a DC as a fileserver, but I think the OP has just gone over the top with the number of shares. It also doesn't help that some of the shares are set up like the old Samba3 way; this doesn't work. I also cannot understand compiling an old version of Samba (unless it was some time ago). Why not use the most up-to-date version, or better still, wait until 4.7.0 comes out and then use MIT for the Kerberos?

Rowland

Hi Rowland

The 4.5.10 was the newest of the 4.5x series at that time, but the 4.5x series is still supported, isn't it? What shares are configured improperly or like the old Samba way?

----- Original Message -----
From: "samba" <samba at lists.samba.org>
To: "samba" <samba at lists.samba.org>
Sent: Tuesday, September 12, 2017 3:50:56 PM
Subject: Re: [Samba] SMB data transfer performance on AD mode

On Tue, 12 Sep 2017 15:57:38 -0300 (BRT) Dante Colo <dante.colo at stwbrasil.com> wrote:

> Hi Rowland
>
> The 4.5.10 was the newest of the 4.5x series at that time, but the 4.5x
> series is still supported, isn't it? What shares are configured
> improperly or like the old Samba way?
>

Yes, 4.5.x is still supported, but when 4.7.0 comes out, it will move to security fixes only. I would factor in upgrading Samba on a regular basis; there have been reports of problems if you go a long time between upgrades.

You have to use Windows ACLs on a DC, so things like 'write list' and 'valid users' don't work, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

I think that 20 shares is a bit over the top for a DC; it sort of points at you having a lot of users and computers. You will probably be better off using a separate fileserver instead.

Rowland
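
The point about 'write list' and 'valid users' on a DC can be checked mechanically. The following is an added example, not part of the original thread and not Samba project code: it scans an smb.conf and lists shares that still carry those two parameters when the server role is an AD DC. The sample configuration, share names and paths are constructed for illustration, and the function names are hypothetical.

```python
# Added example: find Samba3-style access lists in shares on an AD DC.
# SAMPLE_SMB_CONF is constructed test input, not taken from the thread.
SAMPLE_SMB_CONF = """\
[global]
    server role = active directory domain controller
    workgroup = EXAMPLE

# Samba3-style share: access controlled in smb.conf
[projects]
    path = /srv/samba/projects
    valid users = @staff
    write list = alice, bob

; Share meant to be managed with Windows ACLs
[archive]
    path = /srv/samba/archive
    read only = No
"""

LEGACY_PARAMS = ("valid users", "write list")  # the two named in the thread


def parse_smb_conf(text):
    """Return {section: {param: value}} with names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # normalise case and runs of spaces in the parameter name
            current[" ".join(key.lower().split())] = value.strip()
    return sections


def audit_dc_shares(text):
    """List (share, param, value) for legacy access lists on an AD DC."""
    conf = parse_smb_conf(text)
    role = conf.get("global", {}).get("server role", "").lower()
    if role != "active directory domain controller":
        return []  # not a DC: nothing to report here
    return [(share, p, params[p])
            for share, params in conf.items() if share != "global"
            for p in LEGACY_PARAMS if p in params]


if __name__ == "__main__":
    for share, param, value in audit_dc_shares(SAMPLE_SMB_CONF):
        print(f"[{share}] {param} = {value}: use Windows ACLs instead")
```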