Hi, I installed samba on a large Active Directory. All is working, I use winbind in pam and everything is working. However sometime it just hang for a while (say 20 seconds) and then go without problems. Currently I increased "winbind cache time" to mitigate the problem. There are mainly two situation where this hang occur 1- login 2- ls -l 3- groups
I tried to analyze the problem a bit deeply. The hang with case 2 occurs every 2/3 minutes (without "winbind cache time") so I launched a strace on winbind and when ls -l hang I see a lot of ldap query !!! Then I launch tcpdump on ldap port and strace and retry the ls -l test. Now I do a ls -l in my home directory. My user is an AD user of a "DOMAIN\Domain Users" main group so ls -l say something like -rw-r--r-- 1 user Domain Users 1234 Xxx XX 2005 file.txt ls -ln: -rw-r--r-- 1 16804756 16777217 1234 Xxx XX 2005 file.txt So ls -l should ask which user is 16804756 and which group is 16777217. Winbind should (IMHO) get SID of 16804756 and 16777217 from local cache then check if names are updated in cache and update if necessary. The problem is that winbind do not simply check for 16777217 name but when group change it dump many other informations like users in the group and then for each user in the group it ask for informations. Now all users in AD (I know is ugly but I don't manage AD) have Domain Users as the main group so it take very long to get all users list and update every users. It would be better (at list for my case) that winbind just get group name and mark "the member list is not correct". Is anybody working in this direction? Can I help you in some way? Regards, Frediano Ziglio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
