---------- Forwarded message ----------
From: Nico Kadel-Garcia <[email protected]>
Date: Wed, Jul 4, 2012 at 12:12 PM
Subject: Re: [Samba] smb.conf for around 2500 users
To: steve <[email protected]>

On Wed, Jul 4, 2012 at 11:11 AM, steve <[email protected]> wrote:
> On 03/07/12 10:18, Jonathan Buzzard wrote:
>>
>> On Mon, 2012-07-02 at 18:20 +0200, steve wrote:
>>
>> [SNIP]
>>
>>> I think I must be missing something here because as far as I can see,
>>> winbindd puts all users into the directory specified in template
>>> homedir. [homes] then picks out the user from there.
>>
>> Yes you are, stop using template homedir and configure winbind correctly.
>
> OK. template homedir is now removed. Although we are using winbind we are
> not running winbindd. All our mapping is done using nss-pam-ldapd.
>
>> # deal with NSS and the whole UID/SID id mapping stuff
>> idmap backend = tdb
>> idmap uid = 2000000 - 2999999
>> idmap gid = 2000000 - 2999999
>> idmap config MYDOMAIN : backend = nss
>> idmap config MYDOMAIN : readonly = yes
>> idmap config MYDOMAIN : range = 500 - 1999999
>> idmap cache time = 604800
>> idmap negative cache time = 20
>> winbind cache time = 600
>> winbind nss info = rfc2307
>> winbind expand groups = 2
>> winbind nested groups = yes
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> winbind refresh tickets = yes
>> winbind offline logon = false
>
> No, we have none of that. Our global is simply:
> [global]
> server role = domain controller
> workgroup = MARINA
> realm = hh3.site
> netbios name = HH1
> passdb backend = samba4
> wide links = Yes
> unix extensions = No
>
>> You need to edit /etc/nsswitch of course. This is the "samba" way of
>> doing things.
>
> We have
> passwd: compat ldap
> group: compat ldap
> hosts: files mdns4_minimal [NOTFOUND=return] dns
>
>> As to suggestions to use autofs on 2500 users, my advice is don't. Works
>> well at ~50 users but gets flaky at couple hundred users with random
>> things not working 100% of the time that will take you for ever to track
>> down to autofs if you do.
>
> That's interesting/worrying. Although we have 2500 users, we only have
> around 150 computers in the domain, spread over 4 teaching labs. Those are
> split about 50:50 Linux:windows so I'd put the maximum number of NFS autofs
> mounts to be 80 at most. What do you reckon?

NFS and autofs buy you some very, very useful things. One is that it can support multiple upstream NFS servers, which might help distribute the load for 2500 users. Another is that by automounting a set of subdirectories, instead of one large master share, you can tune the settings of those mounted directories for security. Another is that you can mix NFSv3 and NFSv4 for environments that need TCP-based access or Kerberized authentication for fileshares. Another is that unused material is not mounted and can be deleted or re-arranged on the fileserver, which is priceless when managing 2500 accounts with 2500 home directories.

But with 2500 users, and hundreds at a time connected, it's maybe time to think about running the CIFS fileshares directly on the NFS *servers* and get the Samba clients out of the way. Why introduce a layer of complexity with a Samba client on top of NFS if the fileserver can do it directly? And if it's too much for one fileserver, maybe it's time to think about splitting up fileservices anyway.

> Cheers and thanks for your comments,
> Steve
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
