----- Original Message ---- From: Matthew J. Salerno <[email protected]> To: [email protected] Sent: Thu, October 22, 2009 1:19:59 PM Subject: [Samba] Winbind lookup performance
Redhat 5.2 x86_64 samba-3.0.28-0.el5.8 My system is fully AD integrated, the only issue I have is that when I look up a users group (id, groups, etc.) it takes forever. This is causing issues due to the fact that I have pam policies in place to allow only users from a specific groups to log in, sudo and/or su. When the cache expires, it can take over 2 minutes to perform the lookup. I'm sure it doesn't help that my AD user account is a member of 120 different groups. I would imagine that if I could use a custom, more exclusive LDAP filter for the winbind module I could improve performance, but I don't believe that option is available. Is there a way for speeding up the lookup process? Thanks [global] workgroup = DOMAIN realm = DOMAIN.NET server string = Samba file and print server security = ADS log level = 3 max log size = 4192 large readwrite = No max xmit = 65535 client signing = Yes server signing = Yes deadtime = 15 socket options = TCP_NODELAY IPTOS_LOWDELAY TCP_NODELAY printcap name = cups preferred master = No idmap domains = DOMAIN idmap backend = tdb idmap alloc backend = tdb idmap cache time = 302400 idmap negative cache time = 600 template shell = /bin/bash winbind separator = + winbind cache time = 1800 winbind enum users = Yes winbind enum groups = Yes winbind nested groups = No winbind refresh tickets = Yes winbind offline logon = Yes winbind normalize names = Yes idmap config DOMAIN:default = yes idmap config DOMAIN:backend = rid idmap config DOMAIN:range = 5000-9999999 idmap config DOMAINN:cache time = 1800 idmap alloc config:range = 4000 - 4999 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I removed winbind enum users = Yes and winbind enum groups = Yes and it seems to be much faster. Now I just need ot make sure everything else is still working as expected. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
