Web lists-archives.com

Re: [Samba] Samba4 shares slow




On Wed, 21 Nov 2018 11:34:40 +0100
Julien TEHERY via samba <samba@xxxxxxxxxxxxxxx> wrote:

> >> DC1 (RHEL7 - samba 4.6.4)
> > Where did you get the Samba 4.6.4 packages from, they cannot be the
> > standard RHEL7 ones, as you cannot provision an AD DC using the
> > standard RHEL Samba packages.
> >
> That's right, they have been compiled from source with ads support

Why did you use an EOL version of Samba then ?

> >> SMB1 (Ubuntu 14 - samba 4.3.11+dfsg-0ubuntu0.14.04.14)
> > Why have you used Ubuntu 14.04 ?
> > Not knocking Ubuntu here, but 14.04 goes EOL next April and Samba
> > 4.3.x is already EOL as far as Samba is concerned.
> Correct. The fact is that I informed those in charge of the former 
> domain that they should upgrade their OS first, but sadly they don't 
> intend to do it for now.
> I have to deal with this..

No, they have to deal with this, you have my permission to tell them
that I think they are stupid. From next May, Ubuntu 14.04 will no
longer be supported and with it the support for Samba 4.3.x, as I have
already said, 4.3.x is already EOL as far as Samba is concerned.

> > Your problem could be being caused by your old versions of Samba.
> >
> > Rowland
> >
> All SMB Servers have the same exact smb.conf:
> 
> [global]
>     workgroup = MYDOMAIN
>     security = ADS
>     realm = MYDOMAIN.LAN
>     netbios name = SMBSERVER1
>     encrypt passwords = yes
>     winbind separator = +
>     idmap config *:backend = tdb
>     idmap config *:range = 70001-80000
>     idmap config MYDOMAIN:backend  = rid
>     idmap config MYDOMAIN:range  = 10000-70000
>     winbind enum users = yes
>     winbind enum groups = yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     printcap cache time = 60
>     printcap name = cups
>     printing = cups
>     rpc_server:spoolss = external
>     rpc_daemon:spoolssd = fork
>     username map = /etc/samba/user.map
>     log level = 10
> 
>    vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
> 
> include = /etc/samba/shares.conf

Just a few comments on the smb.conf:

The default domain '*' is meant for the Well Known SID's and users &
groups outside the 'MYDOMAIN' domain. There are less than 200 hundred
Well Known SID's, do you really expect nearly 10000 users from outside
the 'MYDOMAIN' domain to connect ?

the usage of the 'winbind enum' lines can slow things down and are only
required for testing purposes.

You might want to look carefully at the smb.conf, there are duplicate
lines.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba