Re: [Samba] IDMAP Cache
- Date: Mon, 25 Jun 2018 10:34:03 +0200
- From: Meike Stone via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] IDMAP Cache
Hello dear list,
can someone help me?
The manual page clearly states:
"The idmap backend provides a plugin interface for *Winbind* to use
varying backends to store SID/uid/gid mapping tables." and
"ID mapping in Samba is the mapping between Windows SIDs and Unix user
and group IDs. This is performed by *Winbindd* with a configurable
So that's the reason why I said "No winbind is running." (on my server)
So that can explain why Samba 3 is asking the LDAP server often, but
why is Samba 4 using the cache without winbind?
my configuration (testparm -v -s | grep idmap):
ldap idmap suffix =
idmap backend = tdb
idmap cache time = 604800
idmap negative cache time = 120
idmap uid =
idmap gid =
idmap config * : backend = tdb
Thanks in advance
2018-06-22 13:40 GMT+02:00 Meike Stone <meike.stone@xxxxxxxxxxxxxx>:
> Hello dear list,
> I have a Samba 3 server running (under SLES11) connected to an
> LDAP-Server and it is running well.
> But now, I'd like to migrate to Samba 4 and I've made a few tests before.
> The whole time with Samba 3, I was surprised about the many LDAP requests, so
> that I thought about an additional local OpenLDAP proxy cache.
> But now with Samba 4 (with the same configuration as Samba 3,
> SLES12) the IDMAP requests are cached in a local tdb (gencache.tdb).
> I can check the local cache with "net cache list". While the list on Samba 3 is
> empty, with Samba 4 there are a lot of IDMAP entries.
> No winbind is running.
> My questions:
> - Is this cache configurable (TTL, ...)? I've found nothing.
> - Does the cache configuration and functional principle
> differ between Samba 3 and 4?
> - How to debug this?
> - Why is only the cache under Samba 4 working?
> Thanks Meike
> my configuration (same for Samba 3 and 4):
> workgroup = Samba
> map to guest = Bad User
> security = user
> server string = Server1
> max protocol = SMB2
> deadtime = 600
> load printers = no
> printcap name = /dev/null
> disable spoolss = yes
> ldap admin dn = uid=sambauser,o=some,c=domain
> passdb backend = ldapsam:"ldap://ldap01.some.domain"
> ldap suffix = cn=samba,o=some,c=domain
> ldap user suffix = cn=accounts
> ldap group suffix = cn=groups
> ldap passwd sync = No
> log level = 255
> syslog = 0
> path = /daten/share1
> comment = share1
> writeable = yes
> browseable = no
> nt acl support = no
> inherit permissions = yes
> store dos attributes = yes
> csc policy = disable