Web lists-archives.com

Re: [Samba] net ads and wbinfo are painfully slow -- but they work




On Tue, 31 Jan 2017 08:59:02 -0800
Chris Stankevitz via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I just created a windows domain. it is essentially empty except for a
> couple of users and an group policy related to windows update.  I then
> configured samba to connect using ads.
> 
> net ads join took > 5 minutes - but worked fine
> 
> net ads testjoin takes ~5 minutes - shows a good join
> 
> wbinfo -u takes ~5 minutes and shows the users
> 
> During the long wbinfo pause, the log show:  "Starting GENSEC sub
> mechanism gse-krb5"
> 
> I'm using samba 4.2.14 on FreeBSD 10.3.  Configuration files printed
> below and came from the samba wiki [1]. The network is not connected
> to the internet.
> 
> Can you tell me what is wrong?
> 
> Thank you,
> 
> Chris
> 
> [1]
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> 
> root@nickel:~ # smbd --version
> Version 4.2.14
> 
> root@nickel:~ # cat /etc/krb5.conf
> [libdefaults]
>         default_realm = MYDOMAIN.LOCAL
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
> 
> root@nickel:~ # cat /usr/local/etc/smb4.conf
> [global]
>   security = ADS
>   workgroup = MYDOMAIN
>   realm = MYDOMAIN.LOCAL
>   disable netbios = yes
>   idmap config * : backend = tdb
>   idmap config * : range = 3000-19999

I know you say that you followed the wiki and I can see that the above
two 'idmap config' lines were copied from the wiki, but did you miss or
not understand the info directly below where the two lines came from ?
What I am trying to get at, is it obvious that you need to click on one
of the links ?

I would also expect to see at least something like this:

    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba