Hey,
we are using rhel7 with samba and winbind packages from redhat.
it is a fileserver joined to samba 4 domain.
os: rhel7.4
samba-winbind-4.6.2-12.el7_4.x86_64
samba-winbind-clients-4.6.2-12.el7_4.x86_64
samba-winbind-modules-4.6.2-12.el7_4.x86_64
approx. 350 clients
approx. 10000 open files
see attached stripped smb.conf
the following problem exist: after a time (several hours) the winbindd
process takes 100% cpu and after a while the nss is disfunctional. Next
the system is unusable.
Has someone hints for a better more reliable setup ?
best regards
Michael
--
Michael Wandel
Braakstraße 43
33647 Bielefeld
-------------- next part --------------
[global]
workgroup = EXAMPLE-AD
security = ADS
realm = EXAMPLE-AD
idmap config * : backend = tdb
idmap config * : range = 99000 - 100000
idmap config EXAMPLE-AD : backend = ad
idmap config EXAMPLE-AD : schema_mode = rfc2307
idmap config EXAMPLE-AD : range = 200 - 90000
idmap config EXAMPLE-AD : unix_nss_info = yes
winbind use default domain = yes
winbind nss info = rfc2307
winbind cache time = 1800
printing = bsd
printcap name = /dev/null
printcap cache time = 750
map to guest = Never
usershare allow guests = No
netbios name = fsserver
server string = fsserver
comment = nsu-server
wins support = No
follow symlinks = yes
wide links = yes
unix extensions = no
dmapi support = yes
browseable = No
hide unreadable = yes
max open files = 170000
csc policy = disable
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPCNT=4 TCP_KEEPIDLE=240
TCP_KEEPINTVL=15
write cache size = 262144
use sendfile = no
winbind max clients = 400
winbind max domain connections = 4
deadtime = 10
vfs objects = readahead
On Wed, Mar 21, 2018 at 3:50 AM, Michael Wandel via samba < samba at lists.samba.org> wrote:> Hey, > > we are using rhel7 with samba and winbind packages from redhat. > > it is a fileserver joined to samba 4 domain. > > os: rhel7.4 > > samba-winbind-4.6.2-12.el7_4.x86_64 > samba-winbind-clients-4.6.2-12.el7_4.x86_64 > samba-winbind-modules-4.6.2-12.el7_4.x86_64 > > approx. 350 clients > approx. 10000 open files > > see attached stripped smb.conf > > the following problem exist: after a time (several hours) the winbindd > process takes 100% cpu and after a while the nss is disfunctional. Next > the system is unusable. >This sounds like it might be the same problem we are having. We had a perfectly functioning domain member file server running samba 4.5.5 on CentOS 7.3. When we did an in-place upgrade to samba 4.6.2 and CentOS 7.4 we had high CPU load and the file server performance was unacceptable. Our installation is much smaller than yours, only about 35 clients. The system did not become unusable, but it was slow. We reverted to a snapshot of our previous configuration and everything went back to normal. When we get some time we intend to break up the upgrade so that first we update CentOS without updating samba to see if the problem occurs. And we will probably stop the winbind daemon and run winbind in the foreground for a while to see if that gives any clues. One suggestion is that there may be lots of winbind queries for names that do not exist, and if so then configuring a larger negative winbind cache may help.