We had issues with auth times until the AD structure was fixed here. It involved configuring AD sites to make sure that our auth requests went to local AD servers. I continuously track auth times with Time wbinfo -a username%password Just to have an idea when there are problems. Our local AD structure that we have some control of normally takes:
Real .031s User .019s Sys .000s Our enterprise AD with all the real user accounts that we have no control of: Real .04 to .1 s User .018s Sys .002s This is after it being fixed. Before we saw real times of .04s to 20s. If you constantly get 20s times, it is basically unusable. I found native AD to be slower so am using domain membership on FC2, samba 3.14a. My guess is that the difference between user + sys and real is the wait for the reply back from AD. I found no difference in using AD DNS or local bind dns in my case. I didn't even ask about the AD added attributes but use openldap to store the SID to UID mappings. When I use wbinfo to test UID to SID resolution time, it is very quick, so I think most of my latency right now is in AD. Chuck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
