
Re: [Samba] winbind causing huge timeouts/delays since 4.8




On 22.02.19 at 15:42, Rowland Penny via samba wrote:
On Fri, 22 Feb 2019 15:35:53 +0100
Ralph Böhme via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,

On Fri, Feb 22, 2019 at 01:59:15PM +0100, Alexander Spannagel via
samba wrote:
s.

hm, can't reproduce:

slow@titan:~/git/samba/scratch$ git describe
samba-4.8.3

slow@titan:~/git/samba/scratch$ sudo bin/net cache flush

slow@titan:~/git/samba/scratch$ time bin/wbinfo -i foo
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user foo

real    0m0.025s
user    0m0.004s
sys     0m0.004s

Can you share your full smb.conf?

Here is the extraction of the global section from our smb.conf:
[root@centos7dev64 ~]# testparm --section-name=global 2>/dev/null < /dev/null
# Global parameters
[global]
        dedicated keytab file = /etc/krb5.keytab
        disable spoolss = Yes
        domain master = No
        kerberos method = secrets and keytab
        ldap connection timeout = 10
        ldap timeout = 30
        load printers = No
        local master = No
        log file = /var/log/samba/log.%m
        max log size = 0
        os level = 0
        printcap name = /dev/null
        realm = OPS.GLOBAL.AD
        security = ADS
        server signing = required
        server string = FTP Samba Server
        show add printer wizard = No
        template shell = /bin/bash
        username map = /etc/samba/user.map
        winbind refresh tickets = Yes
        winbind separator = +
        workgroup = OPS
        idmap config * : rangesize = 1000000
        idmap config * : range = 1000000-19999999
        idmap config * : backend = autorid
        map acl inherit = Yes
        printing = bsd
        store dos attributes = Yes
        vfs objects = acl_xattr full_audit recycle extd_audit


You might also want to explain why you are using sssd's cache with
winbind.

We are running a mixed environment and use sssd for authentication against our unix ldap directory on all our unix servers. On a group of servers we need to provide smb shares to windows clients/servers and dedicated uid/gid mapping for windows users and groups.

Our default setup in nsswitch.conf regarding passwd/shadow/groups looks like:
passwd:     files sss
shadow:     files sss
group:      files sss

And on the servers running samba:
passwd:     files sss winbind
shadow:     files sss winbind
group:      files sss winbind

As mentioned it worked till the update from samba 4.7 to 4.8. The sssd is used for ldap and not AD authentication.

Alex
