samba - Sep 2022 - Samba-LDAP with 100%CPU with connections in CLOSE_WAIT

Hi,

since some time we are facing a small problem:


We are using samba (4.15.9-15) as AD-DC. As clients we have some NetAPP-FAS
running which doing the auth. via LDAP. On NetApp timeouts for LDAP are set to
3sec per default.

Some queries seem to need more time to answer so the client tries to close the
connection but the (samba-)server-part leaves the socket open in CLOSE_WAIT.

In some of such cases the corresponding process (ldap-worker) runs forever(?)
with 100% cpu. A strace shows the ldap-worker pushing some info (the answer?)?
to the socket. If one let it go the server slows down gradually while more and
more connections stay in CLOSE_WAIT.


A workaround is to set the timeout to 5-6sec, of course.

But i think the server should close it's end of the connection also.

Furthermore are there some recommandation for setup the timeouts?


Steffen

On Mon, Sep 19, 2022 at 05:20:04PM +0200, Steffen via samba
wrote:
>Hi,
>
>since some time we are facing a small problem:
>
>
>We are using samba (4.15.9-15) as AD-DC. As clients we have some NetAPP-FAS
running which doing the auth. via LDAP. On NetApp timeouts for LDAP are set to
3sec per default.
>
>Some queries seem to need more time to answer so the client tries to close
the connection but the (samba-)server-part leaves the socket open in CLOSE_WAIT.
>
>In some of such cases the corresponding process (ldap-worker) runs
forever(?) with 100% cpu. A strace shows the ldap-worker pushing some info (the
answer?)? to the socket. If one let it go the server slows down gradually while
more and more connections stay in CLOSE_WAIT.
Can you post an strace, followed by a stack backtrace
from gdb of an ldap-worker process in such a state.

That would help debug - thanks !