Web lists-archives.com

Re: [Samba] Advice on Winbindd and NTLM Auth Performance




On Fri, 2017-09-01 at 10:36 +0100, Arnab Roy via samba wrote:
> Hi All,
> 
> I am using winbind and ntlm auth in Freeradius. At the moment that seems to
> be a major bottleneck. It seems like the ntlm_auth execution is taking a
> while , what all options can improve this .

What is your DC, and how far away it it network-wise?

Have you tried setting 
winbind max domain connections = 10
and 
winbind offline logon = no
(actually the default, but you might have set it without realising it
doesn't help with NTLM authentication).

> For starters adding TCP_NODELAY in smb.conf seems to have helped a little.

That is unlikely to be at all related. 

NTLM authentication has to be checked at the DC, so it can't be cached.
 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba