PDC migration: printing trouble. Summary.
in [Samba]
|
From: Remy Zandwijk on 9 Apr 2008 15:40 Hi all, Thanks for all replies regarding the subject. I took some time to debug the problem, which resulted in some interesting insights. I started with a clean printer driver repository, no ntforms, ntprinters and ntdrivers.tdb files. Then I installed and assigned the drivers to the printers. First of all: the server is a Solaris 10 machine, which has sendfile support. Sendfile is compiled in, but not enabled by default. I enabled sendfile in smb.conf, which should result in less CPU stress. Second: all printers had an 'invalid users' setting in the share definition. It turned out that this considerably stresses the CPU. It took about 10 seconds for the properties to show up for a 'HP 4250PS driver' printer. While truss-ing the smbd process, we saw that the smbpasswd file was opened for 85 times (from the click on 'properties' to when the properties appeared). I think that's a lot. We have around 4700 entries in the smbpasswd file, so I can imagine why it takes long for the properties to show up when 6 invalid users are configured. Only one would expect that the smbpasswd file is opened just 6 to 10 times, and not 85 times. I guess this won't happen when using a tdbsam passdb backend (which is not an option for us for now). After deleting the 'invalid users' setting, the properties showed up in about 2 seconds. Some more experimenting showed that adding the invalid users to the security tab (as in: deny user 'a' to print) resulted in about the same behaviour. Can't explain why the old Samba 2.2 server doesn't suffer from this though. Another thing is that 'guest ok = yes' on the print$ share resulted in lots of reads/opens of files as the user 'nobody'. This is unnecessary in our setup, since every user is authenticated. Obviously, I configured 'guest ok = no' now. Since uploading the drivers to the server is a lot of work in case of 78 printers, I looked for a way to use the 'old' drivers. I deleted all nt*.tdb files, copied the drivers and copied the ntdrivers.tdb from the old server. In the printer properties (advanced -> driver) all drivers showed up. Only the association with printers was gone (which was expected). I could simply assign the printers the correct driver. Then, I did the same as above but not before renaming the server and workgroup to a temporary name. Assigned the local/domain SID of the original domain with 'net setlocalsid', etc. Assigned the drivers again, applied the correct settings etc. Then I renamed the server/workgroup to the original name again, checked if the local/domain SIDs were still OK (Samba apparently caches that). All associations were still there, with correct settings. This answers my question if printer-driver-associations survive server/workgroup name changes. -Remy > we've been moving an old Samba 2.2.x PDC install to a Samba 3.0.28 PDC > install. We copied the ntdrivers.tdb and ntprinters.tdb from to old to > the new server. After the migration, everything was just fine, except > printing seemed to be somewhat slower. As more and more user logged on, > the machine got really > sluggish and printing took quite long. We figured out we've got bitten by: > > <http://www.usenet-forums.com/samba/311929-re-samba-slow-printing-print-properties-cups-samba.html> > > > The plan is to assign the new server a new 'workgroup' name, which > divers from the workgroup settings of the old PDC, delete all .tdb > files, assign the printers drivers and settings again. Then, turn off > the old PDC, change the workgroup setting of the new PDC to match the > old PDC, etc. Basically, we build new printing .tdb files. > > The question is: is this going to work? Do the .tdb files which have > something to do with printers have references to the temporary workgroup > name or do they use domain/local SID's (which are the same on the old > and new server)? Any other gotcha's? Is there a more proper way to > accomplish this? > > Thanks for your comments, > Remy > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
From: Björn Jacke on 11 Apr 2008 06:20 On 2008-04-09 at 21:31 +0200 Remy Zandwijk sent off: > Second: all printers had an 'invalid users' setting in the share definition. > It turned out that this considerably stresses the CPU. It took about 10 > seconds for the properties to show up for a 'HP 4250PS driver' printer. While > truss-ing the smbd process, we saw that the smbpasswd file was opened for 85 I had a similar issue some days ago with an smbd torturing it's LDAP server quite a lot. There was a directory with lots of different group ACEs on the files and hide unreadable being activated on that share. As lots of clients having change notification on that directory, smbd had a really hard time asking the LDAP server for gid-to-sid and uid-to-sid resolution. As this was a PDC winbind coudn't cache the results from the LDAP server. The increased amount of requests were a result of the exact uid/sid mappings introducted in 3.0.23c. "Hide unreadable" was the trigger that was causing so may checks to be done. As a result each client triggered some hundreds of LDAP request every 5 seconds. It might be that your "invalid users" parameter also triggers a huge amount of requests. You might try to use the attached patch which Volker wrote to cache uid/gid to sid requests in memory with 1h TTL. The patch was done against 3.0.25. That patch reduced the load that smbd put on the LDAP server dramatically. How about this patch being commited upstream? Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
From: Björn JACKE on 11 Apr 2008 07:20 On 2008-04-11 at 12:39 +0200 Volker Lendecke sent off: > On Fri, Apr 11, 2008 at 12:10:10PM +0200, Bj�rn Jacke wrote: > > How about this patch being commited upstream? > > no patch attached :-) something has munched up my mail, there was the patch attached. The signature got broken, too. Strange. Attched is the patch again, now unsigned. Cheers Bj�rn -- SerNet GmbH, Bahnhofsallee 1b, 37081 G�ttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG G�ttingen, HRB 2816, GF: Dr. Johannes Loxen
From: Helmut Hullen on 11 Apr 2008 08:00 Hallo, Bj�rn, Du (bj) meintest am 11.04.08: >> no patch attached :-) > something has munched up my mail, there was the patch attached. The > signature got broken, too. Strange. Attched is the patch again, now > unsigned. No patch attached. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
From: Björn Jacke on 11 Apr 2008 08:20 On 2008-04-11 at 13:52 +0200 Helmut Hullen sent off: > No patch attached. yes, it's useless as long as Mailman is removing the attached patch each time. Look at the mail header: X-Content-Filtered-By: Mailman/MimeDel 2.1.5 If Mailman thinks a mail has bogous attachments it should remove and bounce back the complete mailbut the mail should not be silently altered. Jerry (are you the list maintainer?), can you have look at the problem please? Cheers Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Next
|
Last
Pages: 1 2 Prev: write list vs read list Next: [Samba] Help: justification for Linux PDC vs Windows... |