[K12OSN] Logons get slower with time with Active Directory/pam_mount (fwd)

Tom Wolfe twolfe at sawback.com
Sat Jun 16 17:17:15 UTC 2007

Hi James, thanks for the ideas. I'm not much of an expert with samba so
excues my ignorance here.

- permanent mount space: doesn't this mean that access permissions go the
same for all subfolders of the samba mount (according to the user who
created the share?) I tried this but couldn't figure out a way to overcome
this issue.

- Linux file server: this is actually the solution I'm currently
entertaining. One handy thing I've found with the W2K servers is the
concept of the "Shadow Volume" where users can right-click and obtain
Previous Versions (that I have set to be created twice a day, once at
7:00am, the other at 1:15 pm). This reduces the hassles I have with users
saying "Can you get this file I had three weeks ago that I think I deleted
a week or two ago" etc. Does anything like this exist with Linux?

- where could I find documentation on samba with K12LTSP so I can use the
K12LTSP server as a windows file server?

Tom Wolfe

On Sat, 16 Jun 2007, James P. Kinney III wrote:

> On Sat, 2007-06-16 at 09:19 -0400, Tom Wolfe wrote:
> > This isn't /quite/ a repost, I've made a little progress -- but someone
> > out there must know an answer!
> >
> > As the day progresses, logons get slower (by the end of the day up to a
> > minute long). We have Active Directory authentication and pam_mount to a
> > windows server for the students' document folders. When I run df I get a
> > huge list of open share mounts, mostly from inactive users (users that
> > have probably had their logons interrupted instead of logging off). When I
> > run umount -a things speed up again.
> >
> > Does anyone know how to fix this in a more elegant fashion, i.e. is there
> > any way to unmount shares for inactive users?
> Is it possible to have a permanent mount for user space and just use AD
> for authentication?
> You could run a cron that looks for system activity for each user. If
> nothing has been running for X time, kill off their processes and
> unmount their share.
> I have found it to be significantly easier and more reliable to use
> Linux systems to provide file space for Windows clients that to use
> Windows systems to do the same for either Windows or Linux clients.
> In the interim I would look at modifying the mount process so there is a
> single "drive" mount and all users are contained within it. Every time a
> user wants to write to their filespace, the pam system must scan its
> ENTIRE permissions tree until it finds a match and then it digs down the
> branch for the actual connection. If you have a few dozen branches, no
> problem. If you have several hundred you have a serious bottleneck.
> Every node down the tree and branch is a pair (or more) of packets over
> the wire to the AD server. So it does grow exponentially with the number
> of simultaneous users. It looks to me that way you are set up is
> bypassing all of the internal Linux authentication and access controls
> (very fast) and doing it all over a network connection to a foreign
> system. Ugh.
> >
> > Thanks,
> > Tom Wolfe
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> >
> --
> James P. Kinney III
> CEO & Director of Engineering
> Local Net Solutions,LLC
> 770-493-8244
> http://www.localnetsolutions.com
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7

More information about the K12OSN mailing list