Web lists-archives.com

Re: [Samba] winbind causing huge timeouts/delays since 4.8


On Fri, Feb 22, 2019 at 01:59:15PM +0100, Alexander Spannagel via samba wrote:
I want to share some findings with the community about hugh timeouts/delays since upgraded to samba 4.8 end of last year and a patch fixing this in our setup. It would be great if someone from samba dev team could take a look and if acceptable apply the patch to the common code base. It may also affect current stable and release candidates. The patch expects the patch from BUG 13503 "getpwnam resolves local system accounts to AD" being already applied.

Within the company i'm working for, we see frequently system hangs/slowness for a couple of seconds on servers using winbind passwd/group resolution via nsswitch.conf since we updated our OS from CentOS7.5 to CentOS7.6 which includes a samba update from 4.7 to 4.8.

We could track it down to winbind and when it is asked for an unknown local user account. This means that the users account in question is not in local passwd and doesn't contain any domain like SOMEDOMAIN\account or account@SOMEDOMAIN. The expected behavior is an immediately return with an error like "no such user" or "unknown user", but instead a call like "id unknown" takes 60+ seconds.

hm, can't reproduce:

slow@titan:~/git/samba/scratch$ git describe samba-4.8.3

slow@titan:~/git/samba/scratch$ sudo bin/net cache flush

slow@titan:~/git/samba/scratch$ time bin/wbinfo -i foo
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user foo

real    0m0.025s
user    0m0.004s
sys     0m0.004s

Can you share your full smb.conf?


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba