Re: [Samba] winbind - timeouts in domain with >100000 domain users

Mon, 22 Jan 2007 09:38:33 -0800 

Gerald (Jerry) Carter schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ralf Gross wrote:
> > Hi,
> > 
> > I'm trying out samba with winbind. The domain has >100000 users and
> > I'm having some problems with the wbinfo and getent programs. The
> > server is domain member and running debin etch (x86_64) with
> > samba-3.0.23d.
> > 
> > idmap uid = 70000-300000
> > idmap gid = 70000-300000
> > winbind enum users = yes
> > winbind enum groups = yes
> 
> Is there any real reason that you have these enabled?

>From the smb.conf man page.

Warning
          Turning off user enumeration may cause some programs to
          behave oddly. For example, the finger program relies on
          having  access  to  the  full user list when searching for
          matching usernames.  Default: winbind enum users = no

I tried both settings but I couldn't see any difference.

This is with winbind enum users/groups = no

$ wbinfo -t
checking the trust secret via RPC calls succeeded

$ wbinfo -i emea\\ralfgro
ralfgro:*:70000:70000:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ wbinfo -u
...hangs
<ctrl-c>

$ wbinfo -i emea\\ralfgro
Could not get info for user emea\ralfgro

Tha main problem ist not that wbinfo doesn't return all users, it's
the fact that winbind seems to be completely unaccessible afterwards.

[2007/01/22 18:26:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine xxxx pipe \NETLOGON fnum 0x4015returned critical
  error. Error was Call timed out: server did not respond after 10000
  milliseconds
[2007/01/22 18:26:16, 1] libsmb/clientgen.c:cli_rpc_pipe_close(376)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4015 to
  machine SSTRD010.  Error was Call timed out: server did not respond after 
10000
  milliseconds

$ /etc/init.d/winbind stop
Stopping the Winbind daemon: winbind.

$ pgrep -l -f winbind
24262 /usr/sbin/winbindd -B
24263 /usr/sbin/winbindd -B

$ pkill -9 winbindd
$ pgrep -l -f winbind

$ /etc/init.d/winbind start
Starting the Winbind daemon: winbind.

$ wbinfo -i emea\\ralfgro
ralfgro:*:70000:70000:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

winbind didn't respond until I killed the process and restarted the daemon.

At the same time winbind hung on this system I could execute 'wbinfo -i
emea\\ralfgro' on an other system with success.

Ralf
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to