Web lists-archives.com

Re: [Samba] gencache.tdb size and cache flush




On Tue, 2018-09-04 at 12:42 +0200, Volker Lendecke via samba wrote:
> On Tue, Sep 04, 2018 at 11:59:04AM +0200, Francesco Malvezzi wrote:
> > 
> > Il 04/09/18 06:00, Volker Lendecke ha scritto:
> > > 
> > > Hi!
> > > 
> > > Technical description below, but the exec summary is: Yes, we
> > > have a
> > > performance problem with gencache.
> > > 
> > > On Wed, Aug 29, 2018 at 10:28:05AM +0200, Francesco Malvezzi via
> > > samba wrote:
> > > > 
> > > > Hi all,
> > > > 
> > > > I have a midsize AD domain with some 50k users but only 100
> > > > workstations
> > > > joined.
> > > > 
> > > > Sometimes I find server CPU throttling at 100%. In order to let
> > > > it drop
> > > Can you find out where *exactly* that 100% is spent? gstack on
> > > the
> > > spinning process with debug symbols would be very helpful here.
> > not sure how to do it.
> > 
> > can be like that
> > https://gist.github.com/francescm/8e396f5470da8df8451be13777e18810
> > ?
> Yes, exactly. The relevant line is
> 
> #19 0x00007fe50c1c5a3c in dcesrv_samr_EnumDomainUsers
> 
> which means that some client is listing all users in your domain.
> With
> 50.000 users this takes a while. If the client times out and
> reconnects, this can pretty quickly pile up.
> 
> Do you have Linux clients with winbind and "winbind enum users = yes"
> in your network? This would probably do that to your DC.

And if the client can't be fixed, certainly the implementation in the
Samba AD DC SAMR server could be made much, much more efficient.  As
far as I see it, we do a objectclass=user search for every 54 users in
a page, that makes a lot of searches for 50,000 users!. 

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba