The config looks ok, thats great. :-)
Its not needed to stop samba running : net cache flush
If you run: net cache list and have a look, then flush it and look again.
You see its empty.
If you need to copy the idmap than it is needed to stop samba.
Can you show me an output of.
dpkg -l | egrep "tevent|tdb|ldb|talloc|cmocka"
Im running latest versions of these. Own compile or from sid/experimental.
Now my network is not that large in users, about the same computers.
If you able, you could try my new 4.8.5 builds for stretch.
I cant tell where this is coming from, i cant simulate it..
Maybe Rowland knows more about this.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Francesco Malvezzi via samba
> Verzonden: woensdag 29 augustus 2018 10:52
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] gencache.tdb size and cache flush
>
> > Hai,
> >
> >
> > It might be handing to tell your OS and samba version.
> > A copy of smb.conf is also very handy..
>
>
> oops, sorry.
>
> samba-4.8.5 compiled from source on Debian GNU/Linux 9 (stretch).
>
> smb.conf is:
>
> [global]
> netbios name = ADDC
> realm = EXAMPLE.ORG
> workgroup = EXAMPLEAD
> dns forwarder = [redacted]
> server role = active directory domain controller
> log level = 1
> log file = /var/log/samba/log.%m
> # ldap debug level = 3
> interfaces = eth0, lo
> bind interfaces only = Yes
> tls enabled = yes
> tls keyfile = /opt/samba/private/tls/addc.key
> tls certfile = /etc/ssl/certs/addc.pem
> tls cafile = /etc/ssl/certs/DigiCertCA.crt
> tls verify peer = ca_only
> ldap server require strong auth = allow_sasl_over_tls
>
> printcap name = /dev/null
> load printers = no
> printing = bsd
>
> idmap_ldb:use rfc2307 = yes
> template shell = /bin/mosh
> template homedir = /homel/%U
> kerberos method = secrets and keytab
>
> [netlogon]
> path = /opt/samba/var/locks/sysvol/unimore.it/scripts
> root preexec = /opt/netlogon/netlogon.sh %U %M %a %I
> read only = Yes
>
> [sysvol]
> path = /opt/samba/var/locks/sysvol
> read only = No
>
>
> franz
>
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> >>
> >> Hi all,
> >>
> >> I have a midsize AD domain with some 50k users but only 100
> >> workstations
> >> joined.
> >>
> >> Sometimes I find server CPU throttling at 100%. In order to
> >> let it drop
> >> and have smooth performance I delete cache:
> >>
> >> systemctl stop samba
> >> net cache flush
> >> systemctl start samba
> >>
> >> First of all, is it needed a samba stop to flush the cache?
> >>
> >> Even if cache flush does the job to restore performance, I
> am clueless
> >> about the root cause of the problem. Before flushing cache the
> >> gencache.tdb had 15k entries. Is it large? Do you think is it
> >> worth time
> >> to investigate why it grows so much or is it just normal?
> >>
> >> thank you,
> >>
> >> franz
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>