Web lists-archives.com

Re: [Samba] winbind causing huge timeouts/delays since 4.8




On Sat, 23 Feb 2019 22:45:04 +0100
Ralph Böhme <slow@xxxxxxxxx> wrote:

> 
> > Am 23.02.2019 um 22:23 schrieb Rowland Penny via samba
> > <samba@xxxxxxxxxxxxxxx>:
> >>>>> He also has these:
> >>>>> 
> >>>>> idmap config * : rangesize = 1000000
> >>>>> idmap config * : range = 1000000-19999999
> >>>>> idmap config * : backend = autorid
> >>>>> 
> >>>>> The '*' domain is meant for the Well Known SIDs and anything
> >>>>> outside the Samba domain. I would have expected something like
> >>>>> this:
> >>>>> 
> >>>>> idmap config * : backend = tdb
> >>>>> idmap config * : range = 3000-7999
> >>>>> idmap config OPS : backend = rid
> >>>>> idmap config OPS : range = 10000-999999
> >>>> 
> >>>> That should also be fixed.
> >>>> 
> >>>> 
> >> We use this as we have a multi-domain setup on windows side and
> >> this is a suggested setup from wiki.samba.org:
> >> https://wiki.samba.org/index.php/Idmap_config_autorid
> > 
> > Cannot argue with that fact, it is there, but it also says it is
> > meant to be used with the 'DOMAIN' domain not the '*' domain, looks
> > like I will have to make that more prominent.
> 
> idmap_autorid can be used as default domain, Alexander's idmap config
> is perfectly fine.
> 
> -slow

Well yes, it could be used for the default domain, but what about the
'DOMAIN' domain ?

>From my understanding, the default range is meant for the Well Known
SIDs and anything outside the given domains and there are less than two
hundred Well known SIDs.

To be honest, I have never really seen the point to autorid, it just
seems to be the 'rid' backend with a way to set the range size.

I will stick to recommending using 'tdb' for the '*' domain and 'ad'
or 'rid' for any other domains.

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba