SMB data transfer performance on AD mode

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

SMB data transfer performance on AD mode

Samba - General mailing list
Hi Everyone !

I note that all of samba AD server that i maintain are not so fast in terms of data transfer, more specifically none of them go over 40 MB/s , one particularly which i'm trying to find out why doesn't go over 20 MB/s , transfering data using other protocols like FTP , rsync , rsync over ssh on any of these machines i can easily achieve 80 MB/s ,i also can get the same on Samba if i run it as a basic standalone file server or classic pdc nt4 mode, is this normal ? I didn't try yet to deploy a basic file server and join a samba AD , is this better than use AD server itself in terms of data transfer performance ?

Regards
Dante F. B. Colò
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
On Tue, Sep 12, 2017 at 12:52:29PM -0300, Dante Colo via samba wrote:
> Hi Everyone !
>
> I note that all of samba AD server that i maintain are not so fast in terms of data transfer, more specifically none of them go over 40 MB/s , one particularly which i'm trying to find out why doesn't go over 20 MB/s , transfering data using other protocols like FTP , rsync , rsync over ssh on any of these machines i can easily achieve 80 MB/s ,i also can get the same on Samba if i run it as a basic standalone file server or classic pdc nt4 mode, is this normal ? I didn't try yet to deploy a basic file server and join a samba AD , is this better than use AD server itself in terms of data transfer performance ?

ENODATA :-). We need much more information
on your setup in order to help.

Otherwise, this is equivalent to "my car won't
go faster than 40 mph, what's wrong ?"

There are a multitude of possible problems :-).

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
Hello Jeremy

Thanks for reply , i'm using samba 4.5.10 compiled from source on CentOS 6 and 7 running as AD mode on all servers, network infrastructure components are all Gigabit ethernet 1000 BaseT, clients are all windows 7 and 10 machines, i'll post below Samba build options and smb.conf of one of my servers. I use full_audit module on many shares, but i don't see any difference in transfer performance on shares that don't have this module enabled. I also used Sernet binary packages before but after upgrade to newer versions compiled from source i didn't see any performance loss or gain in terms of data transfer. Any recomendations ?



./configure --jobs=4 -vp --fatal-errors --slow --enable-debug --enable-selftest  --with-logdir=/var/log/samba --sysconfdir=/etc --localstatedir=/var/lib/samba  --oldincludedir=/usr/local/samba/old_include --man    dir=/usr/share/man  --with-statedir=/var/lib/samba --with-privatedir=/var/lib/samba/private --with-piddir=/var/run/samba --with-cachedir=/var/cache/samba --with-lockdir=/var/lib/samba/locks --with-logfilebase=/var/log/samba --with-sockets-dir=/var/run/samba --with-configdir=/etc/samba



[global]
        bind interfaces only = yes
        interfaces = lo em1
        workgroup = SOTOPIETRA
        realm = SOTOPIETRA.LOCAL
        netbios name = S11
        server string = SOTOPIETRA-PDC
        server role = active directory domain controller
        dns forwarder = 192.168.0.2
        time server = yes
        ntp signd socket directory = /var/lib/samba/ntp_signd
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        max log size = 4096
        debug class = yes
        debug prefix timestamp = yes
        log file = /var/log/samba/log.%I
       log level = 1
        printing = bsd
        load printers = no
        printcap name = /dev/null
        disable spoolss = yes
        smb2 leases = no
       
[netlogon]
        path = /var/lib/samba/sysvol/sotopietra.local/scripts
        read only = yes
        browsable = no
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
        browsable = yes
[profiles]
        path = /samba/profiles
        writable = yes
        browsable = yes
[Homedirs]
        path = /samba/homedirs
        writable = yes
        browsable = yes
[RH]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/rh
[Gerencia]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/gerencia
[Financeiro]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/financeiro
[Administrativo-Thais]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/administrativo_thais
[Virtua]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/virtua
[Base Virtua]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        write list = leonardo.soares
        read list = administrator
        path = /Virtua
[Juridico-Evandro]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/juridico_evandro
[Diretoria-Sotopietra]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/diret_sotopietra
[Iniciais]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/iniciais
[TI]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/ti
[Scanner]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/scanner
[Desktop]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /samba/files/desktop
[IntraChat]
        writable = yes
        browsable = yes
        path = /samba/intrachat
[SRC_COBRANCA_WEB]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writeable = yes
        browseable = yes
        path = /var/httpd/htdocs/src_cobranca_web
[SFTP]
        vfs objects = full_audit
        full_audit:prefix = "%u|%I|%P"
        full_audit:success = rmdir unlink rename
        full_audit:failure = rmdir unlink rename
        full_audit:facility = LOCAL0
        full_audit:priority = NOTICE
        writable = yes
        browsable = yes
        path = /data/soto/sftp
[Arquivos]
        writable = yes
        browsable = yes
        path = /samba/files
        valid users = administrator,leonardo.soares



----- Original Message -----
From: "Jeremy Allison" <[hidden email]>
To: "Dante Colo" <[hidden email]>
Cc: "samba" <[hidden email]>
Sent: Tuesday, September 12, 2017 1:11:11 PM
Subject: Re: [Samba] SMB data transfer performance on AD mode

On Tue, Sep 12, 2017 at 12:52:29PM -0300, Dante Colo via samba wrote:
> Hi Everyone !
>
> I note that all of samba AD server that i maintain are not so fast in terms of data transfer, more specifically none of them go over 40 MB/s , one particularly which i'm trying to find out why doesn't go over 20 MB/s , transfering data using other protocols like FTP , rsync , rsync over ssh on any of these machines i can easily achieve 80 MB/s ,i also can get the same on Samba if i run it as a basic standalone file server or classic pdc nt4 mode, is this normal ? I didn't try yet to deploy a basic file server and join a samba AD , is this better than use AD server itself in terms of data transfer performance ?

ENODATA :-). We need much more information
on your setup in order to help.

Otherwise, this is equivalent to "my car won't
go faster than 40 mph, what's wrong ?"

There are a multitude of possible problems :-).

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Your problem probably comes from using the AD DC as a file server. The file server should be separated, as recommended by the Samba Wiki. I get close to wire speed on dedicated member servers.

With version 4.4.2, changes in behaviour for the "server signing" and "client signing" parameters were introduced to address the Badlock bug. Please read the following, specifically the paragraphs relating to CVE-2016-2114 and CVE-2016-2115.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Your problem probably comes from using the AD DC as a file server. The file server should be separated, as recommended by the Samba Wiki. I get close to wire speed on dedicated member servers.

With version 4.4.2, changes in behaviour for the "server signing" and "client signing" parameters were introduced to address the Badlock bug. Please read the following, specifically the paragraphs relating to CVE-2016-2114 and CVE-2016-2115.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Oops! I forgot the link. Sorry!

https://www.samba.org/samba/history/samba-4.4.2.html
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Oops! I forgot the link. Sorry!

https://www.samba.org/samba/history/samba-4.4.2.html
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Your problem probably comes from using the AD DC as a file server. The file server should be separated, as recommended by the Samba team. I get close to wire speed on dedicated member servers.

With version 4.4.2, changes in behaviour for the "server signing" and "client signing" parameters were introduced to address the Badlock bug. Those changes can impact file transfer speed. Please read the following, specifically the paragraphs relating to CVE-2016-2114 and CVE-2016-2115.

https://www.samba.org/samba/history/samba-4.4.2.html
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Tue, 12 Sep 2017 19:30:42 +0100
Miguel Medalha via samba <[hidden email]> wrote:

> Your problem probably comes from using the AD DC as a file server.
> The file server should be separated, as recommended by the Samba
> team. I get close to wire speed on dedicated member servers.
>
> With version 4.4.2, changes in behaviour for the "server signing" and
> "client signing" parameters were introduced to address the Badlock
> bug. Those changes can impact file transfer speed. Please read the
> following, specifically the paragraphs relating to CVE-2016-2114 and
> CVE-2016-2115.
>
> https://www.samba.org/samba/history/samba-4.4.2.html

You can use a DC as a fileserver, but I think the OP has just gone over
the top with the number of shares. It also doesn't help that some of
the shares are setup like the old Samba3 way, this doesn't work.

I also cannot understand compiling an old version of Samba (unless it
was some time ago), why not use the most upto-date version, or better
still, wait until 4.7.0 comes out and then use MIT for the kerberos.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Tue, 2017-09-12 at 09:11 -0700, Jeremy Allison via samba wrote:

> On Tue, Sep 12, 2017 at 12:52:29PM -0300, Dante Colo via samba wrote:
> > Hi Everyone !
> >
> > I note that all of samba AD server that i maintain are not so fast in terms of data transfer, more specifically none of them go over 40 MB/s , one particularly which i'm trying to find out why doesn't go over 20 MB/s , transfering data using other protocols like FTP , rsync , rsync over ssh on any of these machines i can easily achieve 80 MB/s ,i also can get the same on Samba if i run it as a basic standalone file server or classic pdc nt4 mode, is this normal ? I didn't try yet to deploy a basic file server and join a samba AD , is this better than use AD server itself in terms of data transfer performance ?
>
> ENODATA :-). We need much more information
> on your setup in order to help.
>
> Otherwise, this is equivalent to "my car won't
> go faster than 40 mph, what's wrong ?"
>
> There are a multitude of possible problems :-).

However, the first problem is that on the AD DC, smb signing is
required, which will make things slower than unprotected rsync.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hi Rowland

The 4.5.10 was the newest of 4.5x series on that time, but the 4.5x series is still supported isn't it ? What shares are configured unproperly or like old samba way ?



----- Original Message -----
From: "samba" <[hidden email]>
To: "samba" <[hidden email]>
Sent: Tuesday, September 12, 2017 3:50:56 PM
Subject: Re: [Samba] SMB data transfer performance on AD mode

On Tue, 12 Sep 2017 19:30:42 +0100
Miguel Medalha via samba <[hidden email]> wrote:

> Your problem probably comes from using the AD DC as a file server.
> The file server should be separated, as recommended by the Samba
> team. I get close to wire speed on dedicated member servers.
>
> With version 4.4.2, changes in behaviour for the "server signing" and
> "client signing" parameters were introduced to address the Badlock
> bug. Those changes can impact file transfer speed. Please read the
> following, specifically the paragraphs relating to CVE-2016-2114 and
> CVE-2016-2115.
>
> https://www.samba.org/samba/history/samba-4.4.2.html

You can use a DC as a fileserver, but I think the OP has just gone over
the top with the number of shares. It also doesn't help that some of
the shares are setup like the old Samba3 way, this doesn't work.

I also cannot understand compiling an old version of Samba (unless it
was some time ago), why not use the most upto-date version, or better
still, wait until 4.7.0 comes out and then use MIT for the kerberos.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Thank you !! I make a try setting up a member server .



----- Original Message -----
From: "Miguel Medalha" <[hidden email]>
To: "Dante Colo" <[hidden email]>
Sent: Tuesday, September 12, 2017 3:37:09 PM
Subject: Fwd: Re: [Samba] SMB data transfer performance on AD mode

---------- Forwarded message ----------
From: [hidden email] Medalha
Date: 12 Sep 2017 19:30
Subject: Re: [Samba] SMB data transfer performance on AD mode
To: <[hidden email]>
Cc:

> Your problem probably comes from using the AD DC as a file server. The file server should be separated, as recommended by the Samba team. I get close to wire speed on dedicated member servers.
>
> With version 4.4.2, changes in behaviour for the "server signing" and "client signing" parameters were introduced to address the Badlock bug. Those changes can impact file transfer speed. Please read the following, specifically the paragraphs relating to CVE-2016-2114 and CVE-2016-2115.
>
> https://www.samba.org/samba/history/samba-4.4.2.html

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Tue, 12 Sep 2017 15:57:38 -0300 (BRT)
Dante Colo <[hidden email]> wrote:

> Hi Rowland
>
> The 4.5.10 was the newest of 4.5x series on that time, but the 4.5x
> series is still supported isn't it ? What shares are configured
> unproperly or like old samba way ?
>

Yes, 4.5.x is still supported, but, when 4.7.0 comes out, it will move
to security fixes only. I would factor in upgrading Samba on a
regular basis, there have been reports of problems if you go a long
time between upgrades.

You have to use Windows ACLs on a DC, so things like 'write list' and
'valid users' don't work, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

I think that 20 shares is a bit over the top for a DC, it sort of
points at you having a lot of users and computers, you will probably be
better of using a separate fileserver instead.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
In reply to this post by Samba - General mailing list
Le Wed, 13 Sep 2017 06:53:56 +1200
Andrew Bartlett via samba <[hidden email]> écrivait:

> >
> > There are a multitude of possible problems :-).  
>
> However, the first problem is that on the AD DC, smb signing is
> required, which will make things slower than unprotected rsync.
>

Yep, exactly the thing that drove me mad this summer :) If server
signing is on, it will significantly reduce thoughput....

--
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    | <[hidden email]>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

attachment0 (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SMB data transfer performance on AD mode

Samba - General mailing list
On Wed, Sep 13, 2017 at 06:45:19PM +0200, Emmanuel Florac wrote:

> Le Wed, 13 Sep 2017 06:53:56 +1200
> Andrew Bartlett via samba <[hidden email]> écrivait:
>
> > >
> > > There are a multitude of possible problems :-).  
> >
> > However, the first problem is that on the AD DC, smb signing is
> > required, which will make things slower than unprotected rsync.
> >
>
> Yep, exactly the thing that drove me mad this summer :) If server
> signing is on, it will significantly reduce thoughput....

When 4.7.0 ships, if you're on a supported Intel x86_64
or AMD alternative, re-compiling with the hardware AES
instructions turned on should really help here.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba