It wasn't clearing the cache that took 12-15 minutes, it was loading the cache from the AD. There are a *lot* of users and groups, and all users are members of *lots* of groups (often 40-50 groups per member).
While cache is being loaded, user authentication stalls. That's the rub. Clearly, if the cache format changes, it'd need to be cleared. And maybe due to other things like joining a different domain. But those are rare events compared to restarting winbindd. Anyhow, just checking to see if there were things I wasn't aware of... Thanks, Ken -----Original Message----- From: Tim Potter [mailto:[EMAIL PROTECTED]] Sent: Sunday, February 09, 2003 5:03 PM To: Ken Cross Cc: 'Multiple recipients of list SAMBA-TECHNICAL' Subject: Re: Why reset winbindd_cache.tdb? On Sun, Feb 09, 2003 at 03:53:05PM -0500, Ken Cross wrote: > We have a site with SAMBA_3_0 where it takes 12-15 minutes to > initialize winbindd's cache (locks/winbindd_cache.tdb) every time > winbindd restarts. While this is going on, users can't authenticate. > (~12,000 users and 9,000 groups using ADS. Same results with or > without -B.) > > My question is: do we really need to re-init the winbindd cache every > time it starts? > > It seems like the sequence number is a pretty effective way to manage > aging the cache. I hacked it where it doesn't truncate the cache at > startup and it seems to work very well. Did you fix this by removing the TDB_CLEAR_IF_FIRST flag from tdb_open_log() in winbindd_cache.tdb? This operation should be fairly quick and definitely shouldn't take 12-15 minutes. It strictly shouldn't be necessary to do this as you mention above but it has been useful to delete the cache when changing the format of entries in the cache between (development) versions of winbindd. Tim.