Difference between revisions of "Samba server process model"

(Add a page describing samba's process model)
 
Line 1: Line 1:
 +
The samba process has different models for how it manages client connections (e.g. RPC, LDAP connections, etc). The process model is specified by the <code>--model</code> [https://www.samba.org/samba/docs/current/man-html/samba.8.html command line argument] when Samba is first started. The available models are:
  
The samba process has different models for how it manages client connections (e.g. RPC or LDAP connections). The process model is specified by the <code>--model</code> [https://www.samba.org/samba/docs/current/man-html/samba.8.html command line argument] when Samba is first started. The available models are:
+
* '''standard''': The default. Each Samba service (LDAP, RPC, etc) runs in a separate process. For services that support it (LDAP and NETLOGON), a separate process is forked for every accepted connection from a client.
 +
* '''prefork''': Each Samba service (LDAP, RPC, etc) runs in a separate process. A fixed number of worker processes are started for those services that support it (currently LDAP, NETLOGON, and KDC). instead of forking a separate process for each client connection, the connections are shared amongst the existing worker processes. Requests for services not supporting prefork are handled by a single process for that service.
 +
* '''single''': Everything gets done in a single process. This is recommended only for testing and debugging, not for production networks.
  
* '''standard''': The default. A separate process is forked for every accepted connection from a client.
+
Note that these options only control the behaviour of the <code>samba</code> process, not the <code>smbd</code> process.
* '''prefork''': A fixed number of worker processes are forked when samba first starts up, and the accepted client connections are distributed amongst these processes.
 
* '''single''': Everything gets done in a single process. This is recommended only for testing and debugging.
 
  
Note that these options only control the behaviour of the <code>samba</code> process, not the <code>smbd</code> process.
+
You can see what samba processes are running by using the <code>samba-tool processes</code> command on your DC.
  
 
== Prefork model ==
 
== Prefork model ==
 +
 +
The prefork model is recommended for Samba setups where there are either a large number of transitive client connections, or the client connections remain open for long periods of time. Otherwise, with the standard process model, Samba can end up forking large numbers of processes to manage these connections.
 +
 +
You may want some thought/investigation into the number of prefork worker processes that will best suit your network. This is specified by the <code>prefork children</code> [https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html smb.conf] option.
 +
 +
Prefork support for LDAP connections was added to Samba v4.9. Prefork support for NETLOGON and KDC was added to v4.10.
 +
 +
=== Prefork restart ===
 +
 +
If a prefork worker thread were to crash for some reason, it will be restarted. If it were a persistent problem, then respawning the worker process could consume a lot of CPU resources. To mitigate this situation, there will be a backoff period before the worker thread is respawned. During this time, the client connections will be processed by the remaining prefork worker processes (providing you're not using <code>prefork children = 1</code>). To control this respawn behaviour, use the <code>prefork backoff increment</code> and <code>prefork maximum backoff</code> settings in the smb.conf.

Revision as of 22:57, 28 January 2019

The samba process has different models for how it manages client connections (e.g. RPC, LDAP connections, etc). The process model is specified by the --model command line argument when Samba is first started. The available models are:

  • standard: The default. Each Samba service (LDAP, RPC, etc) runs in a separate process. For services that support it (LDAP and NETLOGON), a separate process is forked for every accepted connection from a client.
  • prefork: Each Samba service (LDAP, RPC, etc) runs in a separate process. A fixed number of worker processes are started for those services that support it (currently LDAP, NETLOGON, and KDC). instead of forking a separate process for each client connection, the connections are shared amongst the existing worker processes. Requests for services not supporting prefork are handled by a single process for that service.
  • single: Everything gets done in a single process. This is recommended only for testing and debugging, not for production networks.

Note that these options only control the behaviour of the samba process, not the smbd process.

You can see what samba processes are running by using the samba-tool processes command on your DC.

Prefork model

The prefork model is recommended for Samba setups where there are either a large number of transitive client connections, or the client connections remain open for long periods of time. Otherwise, with the standard process model, Samba can end up forking large numbers of processes to manage these connections.

You may want some thought/investigation into the number of prefork worker processes that will best suit your network. This is specified by the prefork children smb.conf option.

Prefork support for LDAP connections was added to Samba v4.9. Prefork support for NETLOGON and KDC was added to v4.10.

Prefork restart

If a prefork worker thread were to crash for some reason, it will be restarted. If it were a persistent problem, then respawning the worker process could consume a lot of CPU resources. To mitigate this situation, there will be a backoff period before the worker thread is respawned. During this time, the client connections will be processed by the remaining prefork worker processes (providing you're not using prefork children = 1). To control this respawn behaviour, use the prefork backoff increment and prefork maximum backoff settings in the smb.conf.