Gentoo Wiki


This article is part of the HOWTO series.



Log levels

An often overlooked performance hindrance is log files. If you have followed my guide thus far, then you have set several log levels quite high, which results in lots of extra data for the system to generate and then process when it writes it to a log on disk. The following section outlines where we can trim the log file 'fat.'


This is a big one: with debug set to 256, a log entry is created for every lookup the system does against passwd, shadow, or group account information, which can be quite often (every ls looks up passwd and group). Once this works, it will continue to work, so feel free to edit /etc/ldap.conf and comment out the debug directive or set it to 0.


This is another big one: with loglevel set to 255, slapd will display information on damn near everything, and once slapd is up and running properly we no longer need all those messages. Edit /etc/openldap/slapd.conf and comment out the loglevel directive, or set it to 0. When you're done editing, slapd needs to be restarted. This can be accomplished with the following command.

# /etc/init.d/slapd restart


If you turned up the log level for Samba, it can produce extra and unnecessary output just like the others. Edit /etc/samba/smb.conf and comment out the log level directive or set it to 0. When you're done editing, Samba needs to be restarted. This can be accomplished with the following command.

# /etc/init.d/samba restart
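
The following check is an added example, not part of the original HOWTO: it reports which of the three directives named above are still set above 0. The function names, the `--check` switch and the optional root-prefix argument are assumptions made for illustration, and only the directive spellings used on this page are matched.

```shell
#!/bin/sh
# Added example: find log-level directives that are still verbose.

# get_level FILE DIRECTIVE
# Prints the last uncommented value of DIRECTIVE in FILE; prints nothing
# if the directive is absent or commented out.
get_level() {
    [ -r "$1" ] || return 0
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # commented-out line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (tolower(substr(line, 1, length(want))) != want) next
            rest = substr(line, length(want) + 1)
            if (rest !~ /^[ \t=]/) next         # must be the whole keyword
            gsub(/^[ \t=]+|[ \t]+$/, "", rest)  # strip separator and padding
            val = rest
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_logs [ROOT]
# Checks the three files from this page; ROOT is an optional prefix so the
# check can run against a copy of /etc. Returns 1 if anything is above 0.
audit_logs() {
    root=${1:-}
    found=0
    while IFS='|' read -r file directive; do
        level=$(get_level "$root$file" "$directive")
        case $level in
            ''|0) ;;   # absent, commented out, or already 0
            *) echo "$file: $directive is still $level"; found=1 ;;
        esac
    done <<EOF
/etc/ldap.conf|debug
/etc/openldap/slapd.conf|loglevel
/etc/samba/smb.conf|log level
EOF
    return $found
}

# Only audit when asked to, e.g.:  sh check-loglevels.sh --check
case ${1:-} in
    --check) audit_logs "${2:-}" ;;
esac
```
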

By default, Samba still uses NSS to get user and group information. While this works because we configured NSS to use LDAP, having Samba go directly to LDAP is much faster. First, we need to change /etc/samba/smb.conf to do this:

File: smb.conf
ldapsam:trusted = yes
# This is the default
guest account = nobody

Now we need to add the guest account to LDAP so that Samba can start.

# userdel nobody
# groupdel nobody
# smbldap-groupadd -g 65534 -o nobody
# smbldap-useradd -a -u 65534 -g 65534  -n -s /bin/false -d /  nobody
# /etc/init.d/samba restart

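See smb.conf(5) for details on the ldapsam:trusted = yes setting. It assumes that every user and group relevant to Samba is stored in LDAP with the standard posixAccount/posixGroup attributes, which is why the guest account is moved into LDAP above.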

Roaming Profiles

When a user logs onto the network using a roaming profile, the default behavior is for everything in the C:\Documents and Settings\%USERNAME% tree to be copied from its location on a remote server to the workstation the user has logged into. While the user is logged in, all changes are made to the local copy. When the user logs off the workstation, all of the data is copied back onto the server that originally contained the profile. When user profiles grow in size, we can see dramatic performance hits not only on user logon and logout times, but also on network performance. The following outlines some steps that can be taken to minimize the size of roaming profiles while still enjoying their benefits.

There are two places where we need to make modifications in order to reduce the size of roaming profiles. The first is the Local Group Policy of each workstation. The second is each user's HKEY_CURRENT_USER registry cluster (NTUSER.DAT).

Local Group Policy

Currently Samba PDCs are unable to take advantage of Group Policy Objects; however, we can enact the same changes in each computer's Local Group Policy. While you don't have to do it manually for each computer, we do have to do it manually at least once. On a Windows client click Start -> Run, and enter 'gpedit.msc' (without the single quotes).

... tbe ...

Preview of docs in Talk:HOWTO_LDAP_SAMBA_PDC_Performance_Tuning Page ;) 
Po0ky 09:00, 2 January 2006 (GMT)
Note: 29/4/2007 You are not able to make real GPO objects like in a Windows Domain, but with a tool from MS called poledit.exe you are able to set some basic policies for a group, a default domain member, a machine or other objects. If you save the config in the root of the "Netlogon-Share" and name the policy NTConfig.POL, your users and clients will use it. There are some options like "Erasing roaming profiles from workstations after logoff", "Limit Size of roaming profiles" and "Exclude Directories From Profile".

The advantage of this solution is that you DO NOT HAVE to configure "Local Group Policy" as mentioned above on each client, or for each user of a domain. You have a central file, "NTConfig.POL", where all configuration for domain members and computers is written.

The Default Profile

By creating a default profile, we can ensure that all users created afterwards will use a profile that is more limited in what is transferred back and forth on logon and logout.

First we need a fresh and 'untainted' profile to use as our base profile. The easiest way to accomplish this is to log on with our testuser (provided you haven't changed anything; if you have, create a new user with smbldap-useradd -a -m -P username and log in with them).

Once logged in, click on Start -> Run and key in regedt32



Last modified: Fri, 05 Sep 2008 08:04:00 +0000 Hits: 9,524