Samba Share Slow for Group Members Only

jasem200 · 03-13-2014, 03:33 AM

hi

10MB file takes 21 sec to open for owner and 42 sec for group members.

Domain Controller: Windows 2008 R2
File Servers: Windows 2008R2 have no problems
Linux FileServers:
Centos 6.3
samba3-winbind-32bit-3.5.19-44.el6.i686
samba3-winbind-3.5.19-44.el6.x86_64
samba3-client-3.5.19-44.el6.x86_64
samba3-3.5.19-44.el6.x86_64

Clients: Windows 7.

Ser Olmy · 03-13-2014, 05:22 AM

Is this an AD environment where Samba on the CentOS server is a domain member, or is Samba a standalone server or an NT-style domain controller?

If this is an AD domain, it could be an issue with group expansion/enumeration. Are the accounts in question direct members of the group, or do they get access rights indirectly through a group that's a member of another group?

Samba 3.5.19 is quite old and unsupported. Can you upgrade to a more recent version of Samba 3.x?

jasem200 · 03-13-2014, 05:41 AM

this is a Member domain server under Windows 2008 AD.
samba server is acting as NIS client as well, where it gets groups from first then from winbind.

-rwxrwx---+ 1 jasem200 itech+domainuser 10240000 Mar 7 10:48 testfile.zero.je.txt
-rwxr-x---+ 1 root itech+domainuser 10240000 Mar 7 10:48 testfile.zero.txt
getfacl testfile.zero.txt
# file: testfile.zero.txt
# owner: root
# group: ITECH+domainuser
user::rwx
group::---
group:ITECH+domainuser:r-x
group:admtech_read:r-x
mask::r-x
other::---

from NIS Server group configured to add more local linux users, original group name from AD is domänen-benutzer and gid 569901569
ITECH+domainuser:x:569901569:user1,oracle,user2,app_test

From Samba Server
[root@sambaserver perf_test]# getent group domainuser
[root@sambaserver perf_test]# getent group domänen-benutzer
domänen-benutzer:x:569901569:geostore

[root@sambaserver perf_test]# getent group itech+domainuser
[root@sambaserver perf_test]# wbinfo --group-info=domainuser
Could not get info for group domainuser
[root@sambaserver perf_test]# wbinfo --group-info=domänen-benutzer
domänen-benutzer:x:569901569:geostore

from smb log files of my machine for testing
[2014/03/13 10:17:47.118060, 3] smbd/process.c:1298(switch_message)
switch message SMBreadX (pid 11370) conn 0x7f76b17436a0
[2014/03/13 10:17:47.118084, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (569926268, 569901569) - sec_ctx_stack_ndx = 0
[2014/03/13 10:17:47.118107, 5] auth/token_util.c:531(debug_nt_user_token)
NT user token of user S-1-5-21-160060370-1729642269-1598175747-25212
contains 469 SIDs
SID[ 0]: S-1-5-21-160060370-1729642269-1598175747-25212
SID[ 1]: S-1-5-21-160060370-1729642269-1598175747-513
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-21-160060370-1729642269-1598175747-31469
SID[ 6]: S-1-5-21-160060370-1729642269-1598175747-27352
. .. . . . . .

SID[467]: S-1-22-2-569924245
SID[468]: S-1-22-2-569923118
SE_PRIV 0x0 0x0 0x0 0x0
[2014/03/13 10:17:47.121771, 5] auth/token_util.c:551(debug_unix_user_token)
UNIX token of user 569926268
Primary group is 569901569 and contains 232 supplementary groups
Group[ 0]: 569901569
Group[ 1]: 569932525
. . . . . .

upgrade is not an option right now, as it is a productive server but maybe an option for test server if we couldnt solve this issue.