Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[SOLVED] Samba worker ldap process at 100% CPU

https://forum.tranquil.it/viewtopic.php?t=3745

Page 1 of 1

[SOLVED] Samba worker ldap process at 100% CPU

Published: January 17, 2024 - 8:55 AM
by stephane.borgne
Hello,

Our Samba AD controller is almost constantly at 100% on the "samba: task[ldap] pre-forked worker" processes.
From my research, processes in a CLOSE_WAIT state (there are a few dozen on our server) seem to be the cause.
I can't find the source of the problem or a solution...
Has anyone in the user community encountered this before? How did you resolve it?

Thanks in advance for any tips or tricks that would help.

Stéphane

Re: Samba worker ldap process at 100% CPU

Published: January 17, 2024 - 10:41
by yalemu
Hi Stéphane,

What version of Samba is running on this server?
We'd need to check the machine's specs (RAM/CPU) and load. Are there any applications making specific LDAP requests (with certain OIDs, for example, or nested groups, or with insufficient scope)?

Yohannès,
Tranquil IT

Re: Samba worker ldap process at 100% CPU

Published: January 17, 2024 - 11:57 AM
by stephane.borgne
Hi Yohannès,

Thanks for your reply, the "nested group / scope" clue put me on the right track!

The DCs transmit (via rsyslog) user logins/logouts to an agent on another machine. This agent is linked to our firewall/internet filter... which makes LDAP queries to determine which filtering policy to apply.

By stopping the agent, the firewall no longer has any information, so it stops querying the directory, and activity returns to normal...

Some tweaking ahead for the firewall admin :/

[SOLVED] Re: Samba worker ldap process at 1OO% CPU

Published: January 17, 2024 - 6:24 PM
by yalemu
Cool, thanks for your feedback!

Indeed, it must be quite demanding. :)

Have a good evening,

Yohannès
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru