[SOLVED] Samba worker ldap process at 100% CPU

[stephane.borgne]

Hello,

Our Samba AD controller is almost constantly at 100% on the "samba: task[ldap] pre-forked worker" processes.
From my research, processes in a CLOSE_WAIT state (there are a few dozen on our server) seem to be the cause.
I can't find the source of the problem or a solution...
Has anyone in the user community encountered this before? How did you resolve it?

Thanks in advance for any tips or tricks that would help.

Stéphane

[yalemu]

Hi Stéphane,

What version of Samba is running on this server?
We'd need to check the machine's specs (RAM/CPU) and load. Are there any applications making specific LDAP requests (with certain OIDs, for example, or nested groups, or with insufficient scope)?

Yohannès,
Tranquil IT

[stephane.borgne]

Hi Yohannès,

Thanks for your reply, the "nested group / scope" clue put me on the right track!

The DCs transmit (via rsyslog) user logins/logouts to an agent on another machine. This agent is linked to our firewall/internet filter... which makes LDAP queries to determine which filtering policy to apply.

By stopping the agent, the firewall no longer has any information, so it stops querying the directory, and activity returns to normal...

Some tweaking ahead for the firewall admin :/

[yalemu]

Cool, thanks for your feedback!

Indeed, it must be quite demanding.

Have a good evening,

Yohannès