by Jason Stewart

Is your Samba slow?

Samba file sharing is great, but performance under Samba’s default configuration is fairly poor.

Here are a few options that I add to my smb.conf to get the speed that I need:

[global]

# FORCE THE DISK SYSTEM TO ALLOCATE REAL STORAGE BLOCKS WHEN
# A FILE IS CREATED OR EXTENDED TO BE A GIVEN SIZE.
# THIS IS ONLY A GOOD OPTION FOR FILE SYSTEMS THAT SUPPORT
# UNWRITTEN EXTENTS LIKE XFS, EXT4, BTRFS, OCS2.
# IF YOU USE A FILE SYSTEM THAT DOES NOT SUPPORT UNWRITTEN
# EXTENTS, SET "strict allocate = no".
# NOTE: MAY WASTE DRIVE SPACE EVEN ON SUPPORTED FILE SYSTEMS
# SEE: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798532

   strict allocate = Yes

# THIS IS TO COUNTERACT SPACE WASTAGE THAT CAN BE 
# CAUSED BY THE PREVIOUS OPTION 
# SEE: https://lists.samba.org/archive/samba-technical/2014-July/101304.html

   allocation roundup size = 4096

# ALLOW READS OF 65535 BYTES IN ONE PACKET.
# THIS TYPICALLY PROVIDES A MAJOR PERFORMANCE BENEFIT.

   read raw = Yes

# SERVER SIGNING SLOWS THINGS DOWN WHEN ENABLED.
# THIS WAS DISABLED BY DEFAULT PRIOR TO SAMBA 4.
# Thanks to Joe in the comments section!

   server signing = No

# SUPPORT RAW WRITE SMBs WHEN TRANSFERRING DATA FROM CLIENTS.

   write raw = Yes

# WHEN "strict locking = no", THE SERVER PERFORMS FILE LOCK
# CHECKS ONLY WHEN THE CLIENT EXPLICITLY ASKS FOR THEM.
# WELL-BEHAVED CLIENTS ALWAYS ASK FOR LOCK CHECKS WHEN IT IS
# IMPORTANT, SO IN THE VAST MAJORITY OF CASES,
# "strict locking = auto" OR "strict locking = no" IS ACCEPTABLE.

   strict locking = No

# TCP_NODELAY:
#    SEND AS MANY PACKETS AS NECESSARY TO KEEP DELAY LOW
# IPTOS_LOWDELAY:
#    [Linux IPv4 Tweak] MINIMIZE DELAYS FOR INTERACTIVE TRAFFIC
# SO_RCVBUF:
#    ENLARGE SYSTEM SOCKET RECEIVE BUFFER
# SO_SNDBUF:
#    ENLARGE SYSTEM SOCKET SEND BUFFER

   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072

# SMBWriteX CALLS GREATER THAN "min receivefile size" WILL BE
# PASSED DIRECTLY TO KERNEL recvfile/splice SYSTEM CALL.
# TO ENABLE POSIX LARGE WRITE SUPPORT (SMB/CIFS WRITES UP TO 16MB),
# THIS OPTION MUST BE NONZERO.
# THIS OPTION WILL HAVE NO EFFECT IF SET ON A SMB SIGNED CONNECTION.
# MAX VALUE = 128k

   min receivefile size = 16384

# USE THE MORE EFFICIENT sendfile() SYSTEM CALL FOR EXCLUSIVELY
# OPLOCKED FILES.
# NOTE: ONLY FOR CLIENTS HIGHER THAN WINDOWS 98/Me

   use sendfile = Yes

# READ FROM FILE ASYNCHRONOUSLY WHEN SIZE OF REQUEST IS BIGGER
# THAN THIS VALUE.
# NOTE: SAMBA MUST BE BUILT WITH ASYNCHRONOUS I/O SUPPORT

   aio read size = 16384

# WRITE TO FILE ASYNCHRONOUSLY WHEN SIZE OF REQUEST IS BIGGER
# THAN THIS VALUE
# NOTE: SAMBA MUST BE BUILT WITH ASYNCHRONOUS I/O SUPPORT

   aio write size = 16384

A few other references:

← Older Newer →
POSTED: 2013-07-02 UPDATED: 2017-06-30 CATEGORIES: Linux, Networking, Storage

Responses (15)

  • Thanks! Can you give us some examples of speeds that you achieved before and after, and some details about the hardware you used to run your tests?

    • Dave, My particular setup is a Core i3 and a 7200 RPM SATA drive. I went from 25 MB/sec pre-config to 115 MB/sec post-config (which happens to be the same speed I get when directly accessing the drive). Unless you have an SSD or a RAID pool with lots of IOPS, the drive is going to be the bottleneck.

  • Thanks for your reply. I made the same changes (excluding the allocate tweaks) on my FreeBSD 10.3-RELEASE Samba 4.3 (ZFS) server and got no change at all. I get up/down speeds of ~24MB/s, even though I am able to SCP data up/down at around 80MB/s, and my ZFS array is capable of even faster speeds. Any other tips?

    • Not sure if all of the "socket options" are applicable to FreeBSD. Also, "strict allocate = Yes" makes a pretty big difference.

      I did this under Linux. As for what low-level twiddling will get it up-to-par on FreeBSD (if that is even possible), I'd love to find out.

  • Some of use run enterprise storage and so we often go over 1GB/sec. IOPS might not be there, but general performance is usually well into the hundreds of MBs/sec across the board. I've been usting ATTO Disk benchmark (older version) to test our Samba from Windows, does anyone have a recommendation for something they like to use? ATTO values overflow (just says zero) past 1GB/sec. Newer versions of ATTO doesn't let you run against anything but local drives (not NAS).

  • Thanks a lot for the parameters. It went up from 15MB/s to 60MB/s running a asrock itx1900 board with 4GB RAM and just 2 old 1TB Samsung Spin Point F1 HDDs configured to be a mdadm Raid 1. System is Running Debian 8.6. Tanks for making the page

  • Excuse me where to write this configuration in smb.conf??

    • Under the [global] section. Just updated the post.

      Thanks!

  • I was having slowness issues. I setup samba as a Primary Domain Controller. I had nice gigabit hardware: Intel nics, Netgear 24port gigabit switch gs724t. A Windows to Windows file transfer would saturate my gigabit connection at over 100MB/s (that's gigabits to megabytes!). However any transfers from Windows to or from Samba would not go over 60MB/s. None of the options above worked. Until I ran "top" on my Linux box and noticed that smbd was consuming 100% of the processor's time. I found somewhere else on the internet that disabling server signing fixed the issue.

    Storage speeds should not be an issue if you have 7200 RPM drives with SATA-2 or higher. I have a Western Digital blue 500GB that can write speeds at 150MB/s (large files of course) with ease. A gigabit connection isn't going to go over too much more than 110MB/s.

    So, in review check "top" during a file transfer and see if Samba (smbd) is going gang busters with your CPU. Although some issues will be fixed with the above options others will not. I'm only posting this because it took me several days to figure out my issue and maybe it'll help someone else!

    • Joe,

      Which version of Samba are you running?

      I'm on 4.2.14-Debian, with a server signing value of default.

      You can use testparm -vs to list all current settings.

      P.S.> Thanks for the heads-up!

    • sorry, 4.6.5 from source. 

    • # Global parameters
[global]
	bind interfaces only = No
	config backend = file
	dos charset = CP850
	enable core files = Yes
	interfaces = 
	multicast dns register = Yes
	netbios aliases = 
	netbios name = DC1
	netbios scope = 
	realm = *********.COM
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
	server string = Samba 4.6.5
	share backend = classic
	unix charset = UTF-8
	workgroup = ******
	browse list = Yes
	domain master = Auto
	enhanced browsing = Yes
	lm announce = Auto
	lm interval = 60
	local master = Yes
	os level = 20
	preferred master = Auto
	allow dns updates = secure only
	dns forwarder = 192.168.0.1
	dns update command = /usr/local/samba/sbin/samba_dnsupdate
	machine password timeout = 604800
	nsupdate command = /usr/bin/nsupdate -g
	rndc command = /usr/sbin/rndc
	spn update command = /usr/local/samba/sbin/samba_spnupdate
	mangle prefix = 1
	mangling method = hash2
	max stat cache size = 256
	stat cache = Yes
	client ldap sasl wrapping = sign
	ldap admin dn = 
	ldap connection timeout = 2
	ldap delete dn = No
	ldap deref = auto
	ldap follow referral = Auto
	ldap group suffix = 
	ldap idmap suffix = 
	ldap machine suffix = 
	ldap page size = 1000
	ldap passwd sync = no
	ldap replication sleep = 1000
	ldap server require strong auth = Yes
	ldap ssl = start tls
	ldap ssl ads = No
	ldap suffix = 
	ldap timeout = 15
	ldap user suffix = 
	lock spin time = 200
	oplock break wait time = 0
	smb2 leases = Yes
	debug class = No
	debug hires timestamp = Yes
	debug pid = No
	debug prefix timestamp = No
	debug uid = No
	ldap debug level = 0
	ldap debug threshold = 10
	log file = 
	logging = 
	log level = 2
	max log size = 5000
	syslog = 1
	syslog only = No
	timestamp logs = Yes
	abort shutdown script = 
	add group script = 
	add machine script = 
	add user script = 
	add user to group script = 
	allow nt4 crypto = No
	delete group script = 
	delete user from group script = 
	delete user script = 
	domain logons = No
	enable privileges = Yes
	init logon delay = 100
	init logon delayed hosts = 
	logon drive = 
	logon home = \\%N\%U
	logon path = \\%N\%U\profile
	logon script = 
	reject md5 clients = No
	set primary group script = 
	shutdown script = 
	add share command = 
	afs token lifetime = 604800
	afs username map = 
	allow insecure wide links = No
	async smb echo handler = No
	auto services = 
	cache directory = /usr/local/samba/var/cache
	change notify = Yes
	change share command = 
	cluster addresses = 
	clustering = No
	config file = 
	ctdbd socket = 
	ctdb locktime warn threshold = 0
	ctdb timeout = 0
	default service = 
	delete share command = 
	homedir map = auto.home
	kernel change notify = Yes
	lock directory = /usr/local/samba/var/lock
	log writeable files on exit = No
	message command = 
	nbt client socket address = 0.0.0.0
	ncalrpc dir = /usr/local/samba/var/run/ncalrpc
	NIS homedir = No
	nmbd bind explicit broadcast = Yes
	panic action = 
	perfcount module = 
	pid directory = /usr/local/samba/var/run
	registry shares = No
	remote announce = 
	remote browse sync = 
	reset on zero vc = No
	smbd profiling level = off
	state directory = /usr/local/samba/var/locks
	usershare allow guests = No
	usershare max shares = 0
	usershare owner only = Yes
	usershare path = /usr/local/samba/var/locks/usershares
	usershare prefix allow list = 
	usershare prefix deny list = 
	usershare template share = 
	utmp = No
	utmp directory = 
	wtmp directory = 
	addport command = 
	addprinter command = 
	cups connection timeout = 30
	cups encrypt = No
	cups server = 
	deleteprinter command = 
	disable spoolss = No
	enumports command = 
	iprint server = 
	load printers = Yes
	lpq cache time = 30
	os2 driver map = 
	printcap cache time = 750
	printcap name = 
	show add printer wizard = Yes
	cldap port = 389
	client ipc max protocol = default
	client ipc min protocol = default
	client max protocol = default
	client min protocol = CORE
	client use spnego = Yes
	dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
	defer sharing violations = Yes
	dgram port = 138
	disable netbios = No
	enable asu support = No
	eventlog list = 
	large readwrite = Yes
	lsa over netlogon = No
	max mux = 50
	max ttl = 259200
	max wins ttl = 518400
	max xmit = 16644
	min receivefile size = 16384
	min wins ttl = 21600
	name resolve order = lmhosts wins host bcast
	nbt port = 137
	nt pipe support = Yes
	nt status support = Yes
	read raw = Yes
	rpc big endian = No
	rpc server port = 0
	server max protocol = SMB3
	server min protocol = LANMAN1
	server multi channel support = No
	smb2 max credits = 8192
	smb2 max read = 8388608
	smb2 max trans = 8388608
	smb2 max write = 8388608
	smb ports = 445 139
	svcctl list = 
	time server = No
	unicode = Yes
	unix extensions = Yes
	use spnego = Yes
	web port = 901
	write raw = Yes
	algorithmic rid base = 1000
	allow dcerpc auth level connect = No
	allow trusted domains = Yes
	auth methods = 
	check password script = 
	client ipc signing = default
	client lanman auth = No
	client NTLMv2 auth = Yes
	client plaintext auth = No
	client schannel = Auto
	client signing = default
	client use spnego principal = No
	dedicated keytab file = 
	encrypt passwords = Yes
	guest account = nobody
	kerberos encryption types = all
	kerberos method = default
	kpasswd port = 464
	krb5 port = 88
	lanman auth = No
	log nt token command = 
	map to guest = Never
	map untrusted to domain = No
	ntlm auth = No
	ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
	null passwords = No
	obey pam restrictions = No
	old password allowed period = 60
	pam password change = No
	passdb backend = samba_dsdb
	passdb expand explicit = No
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	passwd program = 
	password hash gpg key ids = 
	password server = *
	preload modules = 
	private dir = /usr/local/samba/private
	raw NTLMv2 auth = No
	rename user script = 
	restrict anonymous = 0
	root directory = 
	samba kcc command = /usr/local/samba/sbin/samba_kcc
	security = AUTO
	server role = active directory domain controller
	server schannel = Auto
	server signing = No
	smb passwd file = /usr/local/samba/private/smbpasswd
	tls cafile = tls/ca.pem
	tls certfile = tls/cert.pem
	tls crlfile = 
	tls dh params file = 
	tls enabled = Yes
	tls keyfile = tls/key.pem
	tls priority = NORMAL:-VERS-SSL3.0
	tls verify peer = as_strict_as_possible
	unix password sync = No
	username level = 0
	username map = 
	username map cache time = 0
	username map script = 
	aio max threads = 100
	deadtime = 0
	getwd cache = Yes
	hostname lookups = No
	keepalive = 300
	max disk size = 0
	max open files = 16384
	max smbd processes = 0
	name cache timeout = 660
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
	use mmap = Yes
	get quota command = 
	host msdfs = Yes
	set quota command = 
	create krb5 conf = Yes
	idmap backend = tdb
	idmap cache time = 604800
	idmap gid = 
	idmap negative cache time = 120
	idmap uid = 
	include system krb5 conf = Yes
	neutralize nt4 emulation = No
	reject md5 servers = No
	require strong key = Yes
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind cache time = 300
	winbindd privileged socket directory = /usr/local/samba/var/lib/winbindd_privileged
	winbindd socket directory = /usr/local/samba/var/run/winbindd
	winbind enum groups = No
	winbind enum users = No
	winbind expand groups = 0
	winbind max clients = 200
	winbind max domain connections = 1
	winbind nested groups = Yes
	winbind normalize names = No
	winbind nss info = template
	winbind offline logon = No
	winbind reconnect delay = 30
	winbind refresh tickets = No
	winbind request timeout = 60
	winbind rpc only = No
	winbind sealed pipes = Yes
	winbind separator = \
	winbind trusted domains only = No
	winbind use default domain = No
	dns proxy = Yes
	wins hook = 
	wins proxy = No
	wins server = 
	wins support = No
	rpc_server:tcpip = no
	rpc_daemon:spoolssd = embedded
	rpc_server:spoolss = embedded
	rpc_server:winreg = embedded
	rpc_server:ntsvcs = embedded
	rpc_server:eventlog = embedded
	rpc_server:srvsvc = embedded
	rpc_server:svcctl = embedded
	rpc_server:default = external
	winbindd:use external pipes = true
	idmap config * : backend = tdb
	comment = 
	path = 
	administrative share = No
	browseable = Yes
	case sensitive = Auto
	default case = lower
	delete veto files = No
	hide dot files = Yes
	hide files = 
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	mangled names = Yes
	mangling char = ~
	map archive = No
	map hidden = No
	map readonly = no
	map system = No
	preserve case = Yes
	short preserve case = Yes
	store dos attributes = Yes
	veto files = 
	veto oplock files = 
	blocking locks = Yes
	csc policy = manual
	fake oplocks = No
	kernel oplocks = No
	kernel share modes = Yes
	level2 oplocks = Yes
	locking = Yes
	oplock contention limit = 2
	oplocks = Yes
	posix locking = Yes
	strict locking = Auto
	afs share = No
	available = Yes
	copy = 
	delete readonly = No
	dfree cache time = 0
	dfree command = 
	directory name cache size = 100
	dmapi support = No
	dont descend = 
	dos filemode = No
	dos filetime resolution = No
	dos filetimes = Yes
	fake directory create times = No
	follow symlinks = Yes
	fstype = NTFS
	include = 
	magic output = 
	magic script = 
	postexec = 
	preexec = 
	preexec close = No
	root postexec = 
	root preexec = 
	root preexec close = No
	spotlight = No
	volume = 
	wide links = No
	cups options = 
	default devmode = Yes
	force printername = No
	lppause command = 
	lpq command = %p
	lpresume command = 
	lprm command = 
	max print jobs = 1000
	max reported print jobs = 0
	printable = No
	print command = 
	printer name = 
	printing = cups
	printjob username = %U
	print notify backchannel = No
	queuepause command = 
	queueresume command = 
	use client driver = No
	acl allow execute always = No
	acl check permissions = Yes
	acl map full control = Yes
	durable handles = Yes
	ea support = No
	map acl inherit = No
	nt acl support = Yes
	profile acls = No
	access based share enum = No
	acl group control = No
	admin users = 
	create mask = 0744
	directory mask = 0755
	force create mode = 0000
	force directory mode = 0000
	force group = 
	force unknown acl user = No
	force user = 
	guest ok = No
	guest only = No
	hosts allow = 
	hosts deny = 
	inherit acls = No
	inherit owner = no
	inherit permissions = No
	invalid users = 
	read list = 
	read only = Yes
	smb encrypt = default
	valid users = 
	write list = 
	aio read size = 16384
	aio write behind = 
	aio write size = 16384
	allocation roundup size = 4096
	block size = 1024
	max connections = 0
	min print space = 0
	strict allocate = Yes
	strict rename = No
	strict sync = No
	sync always = No
	use sendfile = Yes
	write cache size = 0
	msdfs proxy = 
	msdfs root = No
	msdfs shuffle referrals = No
	ntvfs handler = unixuid, default
	vfs objects = dfs_samba4 acl_xattr


[netlogon]
	path = /usr/local/samba/var/locks/sysvol/*****.com/scripts
	read only = No


[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No


[Users]
	path = /Users
	csc policy = documents
	read only = No
	directory_mode: parameter = 0700

  • Hoenstly iam done with samba

    For Years i struggle with performance issues, specially on virtulized setups (kvm with virtio driver) shure samba 4 has some really nice features and a real domain. thats all fine but no matter waht i try i never get even close to the performance i should have.

    whiel network speedtests bring up almost the full gbit, samba is at best at 50-60mb/sec on large files. options above do help a bit but its far from a stable connect (jumps arounds 5-9 mb up and down) and never gets over 65mb/sec compared on the same physical host with an identical machine i runa 2012r2 with dedupe on the same spec (2cpus 2gig ram) one smb connect and get almsot rock solid 100mb/sec so something is off with samba.

    what i noticed is i can improve a bit by nicing the smbd process but that makes things not really better, i mean 30% cpu usage with signing off is a bit much now iam going to switch voer to windows for smb for good.

    data deduplication is a big factor there too (cant switch to zfs right now on linux) and the windows version does actually very good job on deduping on a block level.

    on one hadn iam really sad about this, and doesnt make my life easier on the other samba isnt production ready yet, (after over a decade of trying) and probably never will. :(

  • Thanks for the writeup. After spending weeks debugging an issue with a SHARP MX-365N printer intermittently failing when sending scanned documents to a samba share, I finally traced it back to this article. The advice seems to be useful for many, but many settings are defaulted (such as TCP_NODELAY) or not necessary. I didn't notice any measurable performance gains to begin with however. Just a heads up if anyone's having SMB problems with a specific client.

Leave a Reply

You must be logged in to post a comment.

Subscribe

 

Copyright ©2023,  Hilltop Software LLC.
Software Development in Eubank, KY.