Sinan Ozturk
2020-Aug-28 08:16 UTC
[Samba] Slow Samba AD DC performance compared to Microsoft AD DC
Hello again, I decided to upgrade. However, my method of doing upgrade is transferring files of 14.04 Samba to new 18.04 Samba Server with version 4.7.6. The files under /etc/samba, /var/lib/samba and /etc/krb5.conf. I actually test the upgrade only replPropertyMetaData has error in database and db-check fixed it. I also checked the logs there was no problem. It looks like it is working. Is this a bad way to upgrade? What problems can occur? Thanks. ________________________________ From: samba <samba-bounces at lists.samba.org> on behalf of Andrew Bartlett via samba <samba at lists.samba.org> Sent: Friday, August 28, 2020 00:21 To: L.P.H. van Belle <belle at bazuin.nl>; samba at lists.samba.org <samba at lists.samba.org> Cc: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Subject: Re: [Samba] Slow Samba AD DC performance compared to Microsoft AD DC Yeah, both indexed and not-indexed queries are so, so much better now. Like orders of magnitude better for an un-indexed search after we fixed some locking bugs, which showed our index scheme wasn't actually any good, so we fixed that also. I don't recall the exact numbers, but we went to the extent of writing a tool to measure Samba and windows performance and found we now within the same ball-park for certain combinations of load, db size and machine size. Andrew Bartlett On Thu, 2020-08-27 at 12:59 +0200, L.P.H. van Belle via samba wrote:> Lookup in the Windows setup where indexing is applied. > > And, upgrade you os +samba (as Rowland also said). > > Indexing on ad-object greatly improved in later samba versions. > > ldbsearch -H "$(samba -b|grep PRIVATE_DIR |awk '{ print $NF > }')/sam.ldb" -s base -b @INDEXLIST > Will show you the index one's in samba. > > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Sinan Ozturk via samba > > Verzonden: donderdag 27 augustus 2020 12:48 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] Slow Samba AD DC performance compared to > > Microsoft AD DC > > > > Hello everyone. > > > > I have a problem with performance of Samba AD DC. > > > > We have a Laravel application that queries both Microsoft AD > > DC and Samba AD DC. > > > > When a query comes to AD it takes 1 second to complete, > > however with Samba it can take up to 4-5 seconds. > > > > The queries are updating user, creating group and attaching > > people to groups. > > > > Samba Server has more than 6000 users. > > > > The VM has 2 CPU 2 GB Ram and Virtio network card running > > Ubuntu 14.04 with Samba 4.3.11. > > > > Is there any way I can speed up Samba server? > > > > Here is the smb.conf file > > > > ########################################################### > > # Global parameters > > [global] > > workgroup = domain > > realm = domain.COM > > netbios name = JUGGERNAUT > > server role = active directory domain controller > > dns forwarder = 172.31.238.11 > > idmap_ldb:use rfc2307 = yes > > log level = 1 > > ldap ssl = off > > ldap server require strong auth = no > > [netlogon] > > path = /var/lib/samba/sysvol/domain.com/scripts > > read only = No > > > > [sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > > > ########################################################### > > > > Thanks. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > >-- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2020-Aug-28 08:38 UTC
[Samba] Slow Samba AD DC performance compared to Microsoft AD DC
On 28/08/2020 09:16, Sinan Ozturk via samba wrote:> Hello again, I decided to upgrade. > > However, my method of doing upgrade is transferring files of 14.04 Samba to new 18.04 Samba Server with version 4.7.6. > The files under /etc/samba, /var/lib/samba and /etc/krb5.conf. > > > I actually test the upgrade only replPropertyMetaData has error in database and db-check fixed it. I also checked the logs there was no problem. > It looks like it is working. > > Is this a bad way to upgrade?Yes, never upgrade in this way.> > What problems can occur?You are still using the old database. Set up a new computer running either Debian, Ubuntu 18.04 or Ubuntu 20.04. Install Samba, either using the distro packages or Louis's packages from here: http://apt.van-belle.nl/ Then join the new computer as a DC to your original DC. Once everything is running correctly, transfer the FSMO roles to the new DC, then demote and turn off the old DC. You could then upgrade the old DC. Rowland
Sinan Ozturk
2020-Aug-28 09:07 UTC
[Samba] Slow Samba AD DC performance compared to Microsoft AD DC
Thanks for the information. I know this is kinda out of topic but is it possible to use samba with ipa client from another domain? It is probably broke both Samba and FreeIPA client. Our servers run a different domain with FreeIPA. Samba domain is domain.com, FreeIPA domain is domain.cloud I know FreeIPA and Samba have some common config files. Thanks.>>On 28/08/2020 09:16, Sinan Ozturk via samba wrote: >> Hello again, I decided to upgrade. >> >> However, my method of doing upgrade is transferring files of 14.04 Samba to new 18.04 Samba Server with version 4.7.6. >> The files under /etc/samba, /var/lib/samba and /etc/krb5.conf. >> >> >> I actually test the upgrade only replPropertyMetaData has error in database and db-check fixed it. I also checked the logs there was no problem. >> It looks like it is working. >> >> Is this a bad way to upgrade? >Yes, never upgrade in this way. >> >> What problems can occur? > >You are still using the old database. > >Set up a new computer running either Debian, Ubuntu 18.04 or Ubuntu >20.04. Install Samba, either using the distro packages or Louis's >packages from here: http://apt.van-belle.nl/ > >Then join the new computer as a DC to your original DC. Once everything >is running correctly, transfer the FSMO roles to the new DC, then demote >and turn off the old DC. You could then upgrade the old DC. > >Rowland
Sinan Ozturk
2020-Aug-28 09:19 UTC
[Samba] Slow Samba AD DC performance compared to Microsoft AD DC
Sorry I forgot to mention. We use FreeIPA for SSH login.>Thanks for the information. > >I know this is kinda out of topic but is it possible to use samba with ipa client from another domain? > >It is probably broke both Samba and FreeIPA client. > >Our servers run a different domain with FreeIPA. Samba domain is domain.com, FreeIPA domain is domain.cloud > >I know FreeIPA and Samba have some common config files. > >Thanks. > > >>>On 28/08/2020 09:16, Sinan Ozturk via samba wrote: >>> Hello again, I decided to upgrade. >>> >>> However, my method of doing upgrade is transferring files of 14.04 Samba to new 18.04 Samba Server with version 4.7.6. >>> The files under /etc/samba, /var/lib/samba and /etc/krb5.conf. >>> >>> >>> I actually test the upgrade only replPropertyMetaData has error in database and db-check fixed it. I also checked the logs there was no problem. >>> It looks like it is working. >>> >>> Is this a bad way to upgrade? >>Yes, never upgrade in this way. >>> >>> What problems can occur? >> >>You are still using the old database. >> >>Set up a new computer running either Debian, Ubuntu 18.04 or Ubuntu >>20.04. Install Samba, either using the distro packages or Louis's >>packages from here: http://apt.van-belle.nl/ >> >>Then join the new computer as a DC to your original DC. Once everything >>is running correctly, transfer the FSMO roles to the new DC, then demote >>and turn off the old DC. You could then upgrade the old DC. >> >>Rowland________________________________ From: samba <samba-bounces at lists.samba.org> on behalf of Sinan Ozturk via samba <samba at lists.samba.org> Sent: Friday, August 28, 2020 12:07 To: L.P.H. van Belle <belle at bazuin.nl>; samba at lists.samba.org <samba at lists.samba.org>; Andrew Bartlett <abartlet at samba.org> Cc: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Subject: Re: [Samba] Slow Samba AD DC performance compared to Microsoft AD DC Thanks for the information. I know this is kinda out of topic but is it possible to use samba with ipa client from another domain? It is probably broke both Samba and FreeIPA client. Our servers run a different domain with FreeIPA. Samba domain is domain.com, FreeIPA domain is domain.cloud I know FreeIPA and Samba have some common config files. Thanks.>>On 28/08/2020 09:16, Sinan Ozturk via samba wrote: >> Hello again, I decided to upgrade. >> >> However, my method of doing upgrade is transferring files of 14.04 Samba to new 18.04 Samba Server with version 4.7.6. >> The files under /etc/samba, /var/lib/samba and /etc/krb5.conf. >> >> >> I actually test the upgrade only replPropertyMetaData has error in database and db-check fixed it. I also checked the logs there was no problem. >> It looks like it is working. >> >> Is this a bad way to upgrade? >Yes, never upgrade in this way. >> >> What problems can occur? > >You are still using the old database. > >Set up a new computer running either Debian, Ubuntu 18.04 or Ubuntu >20.04. Install Samba, either using the distro packages or Louis's >packages from here: http://apt.van-belle.nl/ > >Then join the new computer as a DC to your original DC. Once everything >is running correctly, transfer the FSMO roles to the new DC, then demote >and turn off the old DC. You could then upgrade the old DC. > >Rowland-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2020-Aug-28 09:29 UTC
[Samba] Slow Samba AD DC performance compared to Microsoft AD DC
On 28/08/2020 10:07, Sinan Ozturk via samba wrote:> Thanks for the information. > > I know this is kinda out of topic but is it possible to use samba with ipa client from another domain? > > It is probably broke both Samba and FreeIPA client. > > Our servers run a different domain with FreeIPA. Samba domain is domain.com, FreeIPA domain is domain.cloud > > I know FreeIPA and Samba have some common config files. >Your smb.conf has 'security = user' set, this basically makes it a standalone server, so you do not need to run winbind, but you want the client to a member of a domain, so, from the Samba point of view, you need 'security = ads' and to run winbind. This is where the problem starts, from Samba 4.8.0, with 'security = domain' or 'security = ads', you must run winbind, unfortunately you cannot run winbind with sssd because they both have their own versions of the same libs. This means either run Samba with winbind against an AD domain, or Samba with sssd against an IPA domain, I do not believe you can do both. Rowland
Possibly Parallel Threads
- Slow Samba AD DC performance compared to Microsoft AD DC
- Slow Samba AD DC performance compared to Microsoft AD DC
- Slow Samba AD DC performance compared to Microsoft AD DC
- Slow Samba AD DC performance compared to Microsoft AD DC
- Slow Samba AD DC performance compared to Microsoft AD DC