Web lists-archives.com

Re: [Samba] Advice on Winbindd and NTLM Auth Performance




Hi ,

I have not yet received the reason why libwbclient doesn't honour the paths
mentioned in the smb.conf file.

This is making my current deployment scenario unusable.

Can some one look at the source and post some comments on this ?

Many Thanks
Arnab

On 4 Sep 2017 9:34 pm, "Arnab Roy" <arniekol@xxxxxxxxx> wrote:

> Anyone on how to get libwbclient some kind of runtime parameter from smb
> conf?
>
>
> On 3 Sep 2017 23:22, "Arnab Roy" <arniekol@xxxxxxxxx> wrote:
>
>>
>>
>> Wouldn't it be nice if the end user had a choice . Why would it be unsafe
>> considering all the info is in smb.conf and it just needs to read like all
>> other samba processes like smbd or nmbd?
>>
>> The problem I have got here is that my radius needs to talk to multiple
>> disjoint ad domains hence runs multiple winbind instances.
>>
>> Any chance you can point me to the code where the socket lookup happens
>> in libwbclient? May be i just need to create a local patch.
>>
>> Thanks for your input thus far.
>>
>> Arnab
>>
>> On 3 Sep 2017 11:06 pm, "Andrew Bartlett" <abartlet@xxxxxxxxx> wrote:
>>
>>> On Sun, 2017-09-03 at 22:34 +0100, Arnab Roy via samba wrote:
>>> > Hi Rowland,
>>> >
>>> > The only thing I'm using is winbindd the smbd and nmbd daemons are
>>> > disabled.
>>> >
>>> > However I have now found the bottleneck is because freeradius is
>>> > calling
>>> > the ntlm_auth binary and effectively forking out.
>>> >
>>> > The guys at freeradius wrote a direct client libwbclient however
>>> > their is
>>> > no way of specifying the winbind privileged path using that method as
>>> > it's
>>> > hardcoded during compile time.
>>> >
>>> > Why does samba hardcode this on all client applications is beyond my
>>> > little
>>> > knowledge :(
>>>
>>> The libwbclient library is used in a privileged context (su, via
>>> pam_winbind) so we can't safely runtime configure it.  If you want a
>>> different path, specify it at build time.
>>>
>>> Andrew Bartlett
>>> --
>>> Andrew Bartlett
>>> https://samba.org/~abartlet/
>>> Authentication Developer, Samba Team         https://samba.org
>>> Samba Development and Support, Catalyst IT
>>> https://catalyst.net.nz/services/samba
>>>
>>>
>>>
>>>
>>>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba