Web lists-archives.com

Re: [Samba] winbind causing huge timeouts/delays since 4.8




Am 22.02.19 um 23:02 schrieb Rowland Penny via samba:
So, you are trying to use 4 different methods of authentication on the
same Samba server, Unix, sssd, winbind and ldap, and you expect this to
work ?

No. we use max. 3 auth providers: (1. and 2. on all unix servers)
1. unix (local passwd)
   for static OS/service accounts across all our env
2. sssd (with unix ldap servers as provider)
   unix experienced user and application related service accounts
3. samba/winbind
   for windows users/services needing access to a group of unix servers

All that worked fine in coexistence since years and just stopped working smoothly with update to samba-4.8 and can be fixed with provided patches that fixes patch from Bug#13503 from mid of 2018. Initial also provided config changes to fix the issues, but they are only workarounds.

I repeat, from a Samba point of view, your smb.conf is borked, see here
for more info:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Will take a look, but not certain what configuration options you want point me too.

You do not need winbind and sssd on the same Samba server, they do the
same thing, pick one and delete the other.
They don't - as stated above we use sssd for query/caching entries from our ldap directory server and not Windows DomainConmtrollers - also this is possible, but makes more trouble and don't provide what samba's smb/windbind does.


Your borked smb.conf is trying to be a Unix domain member, you do not
use ldap in smb.conf

Samba authenticate and caching AD accounts is working as expected and without issues.

If your smb.conf is set up correctly, your active directory users will
become Unix users as well.

Indeed it works just fine.

You can if you so wish, go to git-lab and creating a fork and make your
changes there, see here for more info:

https://wiki.samba.org/index.php/Using_Git_for_Samba_Development

Rowland

Thanks for point me there, will take a look.

Alex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba