Web lists-archives.com

Re: [Samba] Slow, Incorrect Group Resolution through Winbind

On Wed, Sep 13, 2017 at 10:48 AM, Rich Otero via samba
<samba@xxxxxxxxxxxxxxx> wrote:

>         server max protocol = SMB2_22
>         max protocol = SMB2_22
>         protocol = SMB2_22

The 3 lines above all mean the same thing, the last 2 are synonyms of the first.
Taking a peek at "man smb.conf" is a good place to start.

>         idmap uid = 16777216-33554431
>         idmap gid = 16777216-33554431

The above 2 lines should be dropped.

>         idmap config * : range = 16777216-33554431
>         idmap config * : backend = tdb

Should be more like:
         idmap config STUDENTS : range = 16777216-33554431
         idmap config STUDENTS : backend = tdb

...plus something like:
         idmap config * : range = 10000-20000
         idmap config * : backend = tdb
... using a different range than configured for STUDENTS.

Again "man smb.conf" is your friend.

> I know that we are using some deprecated options, but this configuration
> typically works well for us.

Apparently not :-)

> Besides the logging options, allow me to explain the other two: I set
> "password server" to restrict Winbind from contacting DCs that it can't
> actually reach.

Not really sure that the "password server" parameter has any affect on
winbind, think it's just an smbd directive.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba