Slow file transfer on ADDC mode

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Slow file transfer on ADDC mode

Samba - General mailing list
Hi,

I have an issue on a Samba 4.5 running as AD DC compiled from source installed on a CentOS 7.3 server upgraded from 4.3 which had the same problem ,file transfers of a single file between Samba and windows machines don't go over 13 MB/s while a transfer over ssh( scp or sftp) and rsync goes over 80 and 100 MB/s respectively, network hardware switches and machines ethernet cards are all gigabit ,i also tried increase log verbosity but didn't see anything wrong, maybe i failed to figure it out , anyway i deployed a Samba on other customer with the same version,build options ,configuration, same OS and had no issues, i'l post here samba build options and smb.conf , any ideas or suggestions ?

Best Wishes
Dante

./configure --jobs=4 -vp --fatal-errors --slow --enable-debug --enable-selftest --with-logdir=/var/log/samba --sysconfdir=/etc --localstatedir=/var/lib/samba --oldincludedir=/usr/local/samba/old_include --mandir=/usr/share/man --with-statedir=/var/lib/samba --with-privatedir=/var/lib/samba/private --with-piddir=/var/run/samba --with-cachedir=/var/cache/samba --with-lockdir=/var/lib/samba/locks --with-logfilebase=/var/log/samba --with-sockets-dir=/var/run/samba --with-configdir=/etc/samba

[global]
bind interfaces only = yes
interfaces = lo em1
workgroup = SOTOPIETRA
realm = SOTOPIETRA.LOCAL
netbios name = S11
os level = 255
server string = SOTOPIETRA-PDC
server role = active directory domain controller
dns forwarder = 192.168.0.2
time server = yes
admin users = leonardo.soares
ntp signd socket directory = /var/lib/samba/ntp_signd
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
max protocol = SMB3_02
max log size = 4096
debug class = yes
debug prefix timestamp = yes
log file = /var/log/samba/log.%I
log level = 1
printing = bsd
load printers = no
printcap name = /dev/null
disable spoolss = yes
use sendfile = yes
smb2 leases = no
dbwrap_tdb_mutexes:* = yes
max stat cache size = 65536
[netlogon]
path = /var/lib/samba/sysvol/sotopietra.local/scripts
read only = yes
browsable = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
browsable = no
[profiles]
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
path = /samba/profiles
writable = yes
browsable = yes
csc policy = programs
[Homedirs]
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
path = /samba/homedirs
writable = yes
browsable = yes
[RH]
vfs objects = full_audit,acl_xattr
full_audit:prefix = "%u|%I|%P"
full_audit:success = rmdir unlink rename
full_audit:failure = rmdir unlink rename
full_audit:facility = LOCAL0
full_audit:priority = NOTICE
map acl inherit = yes
store dos attributes = yes
writable = yes
browsable = yes
path = /samba/files/rh

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Slow file transfer on ADDC mode

Samba - General mailing list
On Thu, 4 May 2017 13:25:34 -0300 (BRT)
Dante F. B. Colò via samba <[hidden email]> wrote:

> Hi,
>
> I have an issue on a Samba 4.5 running as AD DC

Try doing this:

Remove these lines from [global]

os level = 255
admin users = leonardo.soares
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
max protocol = SMB3_02
debug class = yes
debug prefix timestamp = yes
use sendfile = yes
smb2 leases = no
dbwrap_tdb_mutexes:* = yes
max stat cache size = 65536

They are either the defaults or shouldn't be used on an AD DC

Change [profiles to this:

[profiles]
    path = /samba/profiles
    read only = no

Change [Homedirs] to this:

[Homedirs]
    path = /samba/homedirs
    read only = no

Ghange [RH} to this:

[RH]
    path = /samba/files/rh
    read only = no
    vfs objects = full_audit
    full_audit:prefix = "%u|%I|%P"
    full_audit:success = rmdir unlink rename
    full_audit:failure = rmdir unlink rename
    full_audit:facility = LOCAL0
    full_audit:priority = NOTICE

acl_xattr is built into Samba when running as an AD DC, so you cannot
use the old way of doing things, see here for a start:

https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Slow file transfer on ADDC mode

Samba - General mailing list
Hi Rowland

Thank you for your reply, i removed them but nothing changed :(, i also tried to remove others thing like the full_audit module to keep the settings simplest as possible but had no effect, i'll try to build samba with profiling support and debug with some tools like gdb which i don't have much experience but i'll try it.


The current Samba versions support the production/stable version of Windows 10 SMB3 ? I'm asking this because on the smb.conf man page it says "Technical Preview", i decided to try to set max protocol to windows 8.1 SMB3_02 because i had some issues with Windows 10 client machines ,some of these machines was hanging during logon , Excel crashing while editing files and doing this didn't happen anymore. When you look at client  smb sessions with smbstatus command,the protocol version negotiated of Windows 10 machines appears as "unknown", is this normal ?

Best Regards
Dante
 


----- Original Message -----
From: "Rowland Penny" <[hidden email]>
To: "samba" <[hidden email]>
Cc: "Dante F. B. Colò" <[hidden email]>
Sent: Thursday, May 4, 2017 1:57:34 PM
Subject: Re: [Samba] Slow file transfer on ADDC mode

On Thu, 4 May 2017 13:25:34 -0300 (BRT)
Dante F. B. Colò via samba <[hidden email]> wrote:

> Hi,
>
> I have an issue on a Samba 4.5 running as AD DC

Try doing this:

Remove these lines from [global]

os level = 255
admin users = leonardo.soares
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
max protocol = SMB3_02
debug class = yes
debug prefix timestamp = yes
use sendfile = yes
smb2 leases = no
dbwrap_tdb_mutexes:* = yes
max stat cache size = 65536

They are either the defaults or shouldn't be used on an AD DC

Change [profiles to this:

[profiles]
    path = /samba/profiles
    read only = no

Change [Homedirs] to this:

[Homedirs]
    path = /samba/homedirs
    read only = no

Ghange [RH} to this:

[RH]
    path = /samba/files/rh
    read only = no
    vfs objects = full_audit
    full_audit:prefix = "%u|%I|%P"
    full_audit:success = rmdir unlink rename
    full_audit:failure = rmdir unlink rename
    full_audit:facility = LOCAL0
    full_audit:priority = NOTICE

acl_xattr is built into Samba when running as an AD DC, so you cannot
use the old way of doing things, see here for a start:

https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

How many users can we create in a Domain ?

Samba - General mailing list
Has the samba a limit in the amount of users or computers ?

How many users have you seen in the same domain ?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How many users can we create in a Domain ?

Samba - General mailing list
Hi Denis,

----- Mail original -----
> De: "Denis Morejon via samba" <[hidden email]>
> À: [hidden email]
> Envoyé: Vendredi 5 Mai 2017 22:40:20
> Objet: [Samba] How many users can we create in a Domain ?

> Has the samba a limit in the amount of users or computers ?
>
> How many users have you seen in the same domain ?

I have worked on a few large Samba AD deployments in the last years ranging from a few thousands up to 12 thousands users (and dozens of smaller ones). With 4.6 you are really safe in that 10k zone and just have to be careful about setting properly your domain and replication and to avoid large groups. From my guts feelings (and in house benchmark testing), it should be possible to push forward to 20k-30k users range with 4.6 if you *really* carefully setup your domain. And if you need to go further or need large groups, there are huge performance improvements coming in 4.7 for large domains, along with completed RODC support. By the way, if you need really more, there is currently a technical limitation in the TDB backend storage that would prevent one from storing much more than 100k users/computers anyway.

One thing to be knowledgeable about is that it is very easy to setup a domain with one DC on one site and a few hundreds of users. It is another story to properly setup a domain with thousands of users with dozens of DCs spread on many sites (both from a technical and organizational point of view). Going large scale requires very good AD expertise (TechNet is your friend here) and some SambaAD experience to avoid the most common pitfalls. If things are not properly setup on large scale domains, when sh*t hits the fan, it really spreads on a very large scale.

Cheers,

Denis

PS : you may keep an eye on the sambaxp.org site, the conference has just finished and the recordings of the talks should be posted soon. You may take a look at both the presentation of Kevin from Indeed and mine, it may give you some insight and feedback. Andrew Bartlett also gave a talk titled "Samba at Scale: 100,000 user AD Domains" that may be of interest to you. Anyway, all the presentations were interesting, I encourage everyone to attend that SambaXP conference, and it is a very nice occasion to meet all the Samba team members :-) ...

>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba