I’ve installed samba-client and it’s allowing access to the local share, but it’s very slow indeed. While the password prompt is immediate, the delay thereafter is half a minute or so. I suspect it’s likely the same slowness that the Windows and Manjaro Linux clients are exhibiting.
Notably this is a test within the Rocky host, not a network connection.
]# smbclient -U testuser //localhost/smbshare
Password for [samba\testuser]:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sun Nov 26 13:08:12 2023
.. D 0 Sun Nov 26 11:55:29 2023
New Text Document.txt A 39 Sun Nov 26 13:31:21 2023
28445112 blocks of size 1024. 26044408 blocks available
smb: \>
Especially how much memory, I found threads that say if there is too few memory the performance can drop drastically
But these reports are like… 10 years+ old
The host machine isn’t really doing much while it waits at the authentication stage, it’s just sitting, without much CPU usage. It’s a 2-core AMD Athlon II X2 245 processor, 16GB RAM, running CentOS7, with Rocky as the guest O/S inside VirtualBox, with 6GB RAM allocated to the guest. At the moment the Rocky guest is the only system running. The machine isn’t struggling here, it’s more like an authentication problem.
When I attempt to open a text file via the Manjaro Linux client, through Samba the editor displays this message for a while, indicating that it’s opening the file. I’ve never seen this happen on the old Samba systems. This is just a file containing a few bytes. Again, looking at the server monitor in CentOS, the CPU usage doesn’t even increase at this time.
Tbh I’m getting out of options, the only thing I could imagine is that samba now requires a rather modern x86 crypto instruction that is not available… but that’s also just fishing…
(made a roundcall in Mattermost, maybe someone comes with ideas)
Yes, there’s something odd. The plan, as you probably can guess, is to try resolving this Samba situation, before actually moving the server itself onto Rocky 8.9.
At the moment, the machine is running well with CentOS and an earlier version of Samba, but I don’t want to continue with CentOS for too long.
I’ll try installing the same Rocky minimal system on another machine that’s more recent, as that might help to pinpoint the problem. Thanks for all your help Lumarel.
One last thing I was made aware of, is the configured DNS Server reachable and fast enough? The thought is, that all requests will be slow because it takes so long for each DNS lookup (also for IP addresses)
I also tested this for short… and yes localhost also times out here, as soon as the configured DNS Server is not reachable (misconfigured DNS server and search domain)
it even points very strongly in that direction now, and also makes sense…
I set up the Rocky guest to use my network router as the DNS, which is what I normally do. The router in turn has its DNS server set to OpenDNS’s 208.67.222.222 and 208.67.220.220.
This is only the same of the host system which has been running Samba successfully for some years.
From the new Rocky guest, I can successfully ping microsoft.com for instance.
Do you also get a response for all local entries, including reverse DNS? (it must at least deliver a NX record)
So, the server side tries to resolve the client name, all the time.
You can test this with dig or always available getent hosts <hostname>/<fqdn> (or getent hosts <int>.0.0.10.in-addr.arpa.) and so on
I’m only accessing the Rocky guest’s Samba shares via the guest’s IP address, which is 192.168.0.119. The machine’s hostname is “rocky” but as with all RHEL systems I’ve installed before, the host’s name is never visible on the LAN, in other words, the systems are never accessible via their hostname, neither to Windows, nor to other Linux machines.
Maybe it’s a DNS problem as you think, but I’ve only installed the system in the same way that I’ve installed other systems here, which is very simply really, as follows :
Give the machine a fixed LAN IP, in this case 192.168.0.119
Set the hostname as rocky.abc (with abc being my three-digit company abbreviation)
Set the netmask as 255.255.255.0
Set the gateway as my router’s address 192.168.0.100
Set the DNS address as 192.168.0.100 (as the router)
Then finally installed Samba exactly as you set out.
I also installed xrdp on yesterday’s system and that worked immediately, even without a reboot.
On today’s minimal installation, I set up ssh, so I can get to the system via PuTTY. It was very slow to display the password prompt, so I set the “GSSAPIAuthentication No” option, which I remembered from past times, as that’s an old problem I’ve fixed before.
Should I perhaps try again with fixed DNS addresses 208.67.222.222 and 208.67.220.220 instead of using the router’s DNS?
When you say misconfigure your DNS server and reproduce the same problem as I have, do you mean disable the DNS?
Not sure if this will make it better the latency per request might go up, my environment is unfortunately not really a good default for comparison, having a local authorative server, which serves all local zones and reverse zones (+ forwards requests).
I literally configured a IP address in my network which does not exist, and the domain search list has a faulty entry (typo in the domain name)
Maybe tomorrow I’ll try again, with hostname that doesn’t include a dot suffix, in other words just rocky? I don’t know if it makes a difference.
I’ve just been looking at my two existing CentOS servers, one being the host that’s running the Rocky virtual machine and the other which is a dedicated Samba file share that provides no other function. Both are set up in the same way as I’ve done with Rocky, in so far as I gave them a “machine.abc” hostname. The dedicated fileshare server has a couple of lines in its Samba config file :
netbios name = fileserver
lanman auth = yes
Interestingly, I can see the name fileserver from my Windows clients for that machine, whereas for the other CentOS 7 machine, I can’t, even though it has netbios name set, so for that, I always specify its IP address from Windows — not a big thing for me, as it’s only me having to do this.
The lanman auth, I recall, was to allow Windows XP to access the shares. That was quite a long time ago now.
So for fqdn (rocky.abc) or hostname (rocky), the better option is always the fqdn, that’s more a security measure than anything else (as long as the domain search list includes your domain), so yeah for the smb connection it shouldn’t make any difference
Tbh I just don’t remember if the older version of samba already did so much dns lookups
Oh wow it has been a while since I saw LM enabled somewhere, that’s basically one of the oldest auth methods MS implemented into SMB (it makes it less secure, but could also make it work, if you still have Windows 95 systems around) (XP SP3 is already capable of NTLMv2, but yeah old very old ^^)
And the NETBIOS name, that should if not given by default be the hostname
Oh and the NETBIOS domain normally is always “WORKGROUP”
This NETBIOS domain is also the thing that needs to match that Windows can autodiscover the share
I was doing this correctly then, by giving the Rocky server the FQDN, but anyway I tried again today, omitting the name but it makes no difference — Samba just struggles to work for me, under Rocky, although other services are fine.
I looked back today at my notes from the time I began considering replacement of the CentOS installation some weeks ago. I’d tried Debian Server, out of interest and I can see that Samba worked straight away with the basic smb.conf (this was as a virtual guest also). Although it worked well, I disliked the idea of using Debian because I found that it kept going into hibernation, even when installed specifically as the server platform.
I also installed FreeBSD and I still have that running. That worked perfectly with Samba and is very quick — notably very much quicker than other systems. That was a potential replacement I considered.
Today I installed Ubuntu Server 22.04.3 as a virtual machine and it too worked perfectly first time . It even allows me to connect from the old CentOS7 server which fails entirely with Rocky. Also connecting from the Manjaro machine takes place instantly, whereas the Rocky installation takes ages to connect and to open files.
It’s difficult to see that I can be doing anything wrong, because I’ve managed to install perfectly working systems on Debian, FreeBSD and Ubuntu. Something seems to be broken with Rocky and Samba, but it’s difficult for me to spend more time on it.
(it makes it less secure, but could also make it work, if you still have Windows 95 systems around) (XP SP3 is already capable of NTLMv2, but yeah old very old ^^)
