[K12OSN] Logons get slower with time with Active Directory/pam_mount (fwd)

James P. Kinney III jkinney at localnetsolutions.com
Sat Jun 16 14:17:03 UTC 2007


On Sat, 2007-06-16 at 09:19 -0400, Tom Wolfe wrote:
> This isn't /quite/ a repost, I've made a little progress -- but someone
> out there must know an answer!
> 
> As the day progresses, logons get slower (by the end of the day up to a
> minute long). We have Active Directory authentication and pam_mount to a
> windows server for the students' document folders. When I run df I get a
> huge list of open share mounts, mostly from inactive users (users that
> have probably had their logons interrupted instead of logging off). When I
> run umount -a things speed up again.
> 
> Does anyone know how to fix this in a more elegant fashion, i.e. is there
> any way to unmount shares for inactive users?

Is it possible to have a permanent mount for user space and just use AD
for authentication? 

You could run a cron that looks for system activity for each user. If
nothing has been running for X time, kill off their processes and
unmount their share.

I have found it to be significantly easier and more reliable to use
Linux systems to provide file space for Windows clients than to use
Windows systems to do the same for either Windows or Linux clients.

In the interim I would look at modifying the mount process so there is a
single "drive" mount and all users are contained within it. Every time a
user wants to write to their filespace, the pam system must scan its
ENTIRE permissions tree until it finds a match and then it digs down the
branch for the actual connection. If you have a few dozen branches, no
problem. If you have several hundred you have a serious bottleneck.
Every node down the tree and branch is a pair (or more) of packets over
the wire to the AD server. So it does grow exponentially with the number
of simultaneous users. It looks to me that the way you are set up is
bypassing all of the internal Linux authentication and access controls
(very fast) and doing it all over a network connection to a foreign
system. Ugh.
> 
> Thanks,
> Tom Wolfe
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
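
The cron approach suggested in the message above, as an added example that is not code from the original post: it lists CIFS mounts whose owning uid has no running processes and unmounts them only when asked. It covers the narrower case of users with no processes left at all, and it assumes the shares appear as type cifs with a uid= option in /proc/mounts (as when pam_mount passes uid= for the user); the function names, server name, paths and the --live/--apply switches are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes cifs mounts carry uid=N.
# Mount points containing spaces appear as \040 in /proc/mounts and are not decoded.

# stale_mounts MOUNTS_FILE ACTIVE_UIDS_FILE
# Prints the mount point of each cifs mount whose uid= is not listed in
# ACTIVE_UIDS_FILE (one numeric uid per line).
stale_mounts() {
    awk '
        FILENAME == ARGV[1] { active[$1] = 1; next }   # uids that own a process
        $3 == "cifs" {
            uid = ""
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^uid=[0-9]+$/) uid = substr(opt[i], 5)
            if (uid != "" && !(uid in active)) print $2
        }
    ' "$2" "$1"
}

# Constructed sample in /proc/mounts format.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
//winsrv/alice /home/alice/docs cifs rw,uid=1001,gid=1001 0 0
//winsrv/bob /home/bob/docs cifs rw,uid=1002,gid=1002 0 0
//winsrv/carol /home/carol/docs cifs rw,uid=1003,gid=1003 0 0
EOF
}

# no arguments   : dry run on the constructed sample
# --live         : dry run against this host
# --live --apply : really unmount (run as root, e.g. from cron)
main() {
    tmp=$(mktemp -d) || return 1
    if [ "${1:-}" = "--live" ]; then
        cp /proc/mounts "$tmp/mounts"
        ps -eo uid= | awk '{print $1}' | sort -u > "$tmp/uids"
    else
        sample_mounts > "$tmp/mounts"
        printf '0\n1002\n' > "$tmp/uids"   # constructed: only root and bob active
    fi
    stale_mounts "$tmp/mounts" "$tmp/uids" | while read -r mp; do
        if [ "${2:-}" = "--apply" ]; then umount "$mp"; else echo "would umount $mp"; fi
    done
    rm -rf "$tmp"
}
main "$@"
```

Run it in dry-run mode first and compare the output with df before scheduling it with --apply.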