Re: [Samba] Winbind, cached logons and 'user persistency'...
- Date: Fri, 18 Jan 2019 10:41:10 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Winbind, cached logons and 'user persistency'...
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Marco Gaiarin via samba
> Verzonden: vrijdag 18 januari 2019 10:03
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Winbind, cached logons and 'user
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
> > Maybe the winbind cache time is set to low for this.
> OK. But this look still strange/dangerous to me. Two 'open point':
> 1) seems to me that there's many 'cache time' parameters:
> + idmap cache time, default 604800 (one week); seems related only to
> SID<->GID/UID query, so unrelated here.
> + winbind cache time, default 300 (5 minutes); this seems the
> parameter i need to tackle with.
> but... HOW work that cache? There's a 'negative' timeout also? Or
> simply cache data and use cached data if all DC are not available?
Poe, this i dont know, i dont know all code...
Rowland, you know this?
> 2) in my network i've 7 DCs. Tearing down the main switch i've surely
> disconnected all the remote DCs. But still i've two local one, one of
> that in the same phisical proxmox server of the DM member that lost
> cache. So could be reachable!!
Does proxmod allow routing internaly? This i dont know.
Simple test, pull the cable out of the proxmod host server, ping these 2 vm servers within proxmod.
Can you test this?
> I suppose that a DM will try to contact *all* DCs (at first
> glance, the same-site-dc; after all available DCs), right?
> There's some things i can do to make sure DCs are alive and kicking?
Can you show the output of : dig your.domain.tld
> Ah, DM are 4.8.8+nmu-1~deb9, your packages.
Ah, good to see your are 4.8.8 now :-)
> dott. Marco Gaiarin GNUPG
> Key ID: 240A3D66
> Associazione ``La Nostra Famiglia''
> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al
> Tagliamento (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711
> f +39-0434-842797
> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the