On 29/09/12 20:31, David Touzeau wrote:
nsswitch as been changed to
passwd: files ldap winbind
group: files ldap winbind
shadow: files ldap winbind
But lsass.exe still run at 100% cpu and winbind still want to parse
the full AD
I think i will create a ticket on the tracker because we have removed
winbind from the nsswitch:
passwd: files ldap
group: files ldap
shadow: files ldap
and lsass.exe still run at 100%
When stopping winbindd
lsass.exe is down to 0%
From: Heather Choi
Sent: Saturday, September 29, 2012 4:26 PM
To: David Touzeau
Cc: [email protected] ; [email protected]
Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe
process run cpu to 100%
manpages of nssswitch: compat support `+/-' in the ``passwd'' and
``group'' databases. If this is present, it must be the only source
for that entry. Database Default source list group compat group_compat
nis hosts files dns netgroup files [notfound=return] nis passwd compat
passwd_compat nis
On 09/29/2012 05:03 AM, David Touzeau wrote:
Thanks Heather Choi
But in my nsswitch i have
passwd: compat ldap winbind
group: compat ldap winbind
shadow: compat ldap winbind
As compat is and advanced "files" method...
So my nsswitch is compatible with your suggest...?
-----Original Message----- From: Heather Choi
Sent: Saturday, September 29, 2012 4:52 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe
process run cpu to 100%
You definitely should have "files" placed *before* winbind of passwd,
group and shadow, like:
passwd: files winbind
shadow: files winbind
group: files winbind
Otherwise, you will be hitting AD a whole ton for localized users and
definitely root with services running.
On 09/27/2012 02:00 AM, David Touzeau wrote:
Dear
I have connected samba 3.6.8 to my Active Directory in the lsass.exe
run to 100%
When stopping winbind the lsass.exe CPU is down to 0%
When set winbindd to debug mode, it seems it try to scan the root user
every time.
I would to know how to ban nsswitch to query winbindd for system
internal users such has root, apache.....
Here it is my nsswitch.conf :
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this file.
bind_policy soft
passwd: compat ldap winbind
group: compat ldap winbind
shadow: compat ldap winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
aliases: files
automount: ldap files
Attached file is the winbindd debug mode:
Hi, you say that you have connected samba 3.6.8 to your Active
Directory, How? and where does ldap come into it.
If you join a samba 3.6 machine to Active Directory, you only need
winbind to be added to nsswitch.conf
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
