On Fri, Feb 16, 2007 at 05:31:05PM +0100, ZIGLIO, Frediano, VF-IT wrote: > Hi, > I installed samba on a large Active Directory. All is working, I use > winbind in pam and everything is working. > However sometime it just hang for a while (say 20 seconds) and then go > without problems. > Currently I increased "winbind cache time" to mitigate the problem. > There are mainly two situation where this hang occur > 1- login > 2- ls -l > 3- groups > > I tried to analyze the problem a bit deeply. The hang with case 2 occurs > every 2/3 minutes (without "winbind cache time") so I launched a strace > on winbind and when ls -l hang I see a lot of ldap query !!! Then I > launch tcpdump on ldap port and strace and retry the ls -l test. > Now I do a ls -l in my home directory. My user is an AD user of a > "DOMAIN\Domain Users" main group so ls -l say something like > > -rw-r--r-- 1 user Domain Users 1234 Xxx XX 2005 file.txt > > ls -ln: > > -rw-r--r-- 1 16804756 16777217 1234 Xxx XX 2005 file.txt > > So ls -l should ask which user is 16804756 and which group is 16777217. > Winbind should (IMHO) get SID of 16804756 and 16777217 from local cache > then check if names are updated in cache and update if necessary. The > problem is that winbind do not simply check for 16777217 name but when > group change it dump many other informations like users in the group and > then for each user in the group it ask for informations. Now all users > in AD (I know is ugly but I don't manage AD) have Domain Users as the > main group so it take very long to get all users list and update every > users. It would be better (at list for my case) that winbind just get > group name and mark "the member list is not correct". > > Is anybody working in this direction? Can I help you in some way?
We already have fixes for this in the SAMBA_3_0_25 tree. If you're willing to experiment then you could try the SVN code to see if it fixes the issue. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
