Web lists-archives.com

Re: [Samba] Advice on Winbindd and NTLM Auth Performance




Hi Rowland,

The only thing I'm using is winbindd the smbd and nmbd daemons are disabled.

However I have now found the bottleneck is because freeradius is calling
the ntlm_auth binary and effectively forking out.

The guys at freeradius wrote a direct client libwbclient however their is
no way of specifying the winbind privileged path using that method as it's
hardcoded during compile time.

Why does samba hardcode this on all client applications is beyond my little
knowledge :(

Many Thanks
Arnab

On 3 Sep 2017 12:48 pm, "Rowland Penny via samba" <samba@xxxxxxxxxxxxxxx>
wrote:

> On Fri, 1 Sep 2017 23:30:53 +0100
> Arnab Roy <arniekol@xxxxxxxxx> wrote:
>
> > Hello Everyone,
> >
> > Thanks for your inputs I have followed whats here
> > https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
> > Apart from the different location for the directories. I have added
> > the recommended options in samba.
>
> That howto seems to have been dated even when it was written and you
> haven't added all the 'recommended options'.
> The howto tells you to add these lines:
>
>  idmap uid = 16777216-33554431
>  idmap gid = 16777216-33554431
>
> These were marked as deprecated on 3.6 and you should be using lines
> like these:
>
>     idmap config *:backend = tdb
>     idmap config *:range = 2000-9999
>     idmap config SAMDOM : backend = rid
>     idmap config SAMDOM : range = 10000-999999
>
> Without these lines, winbind doesn't know who your users & groups are.
>
> Or are you using sssd ?
> If so, then Samba isn't doing authentication.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba