[Samba] Winbind problem (Trusting domains)
Vijay Avarachen
vavarachen at gmail.com
Sat Dec 17 15:06:47 GMT 2005
I cannot comment on idmap_rid approach because I am currently using
idmap_ldap. I have had a wonderful experience with this setup. Also on
all the clients I am running nscd and I have had no troubles.
If nscd ever gives you trouble all you have to do is invalidate the cache in
question. Rather than shutting down nscd you can simpley do nscd -i passwd
to flush the users cache.
I must warn you that the idmap_ldap setup is horribly unstable on
RHEL3.xand CentOS
3.x. Winbind dies periodically. However on CentOS4/RHEL4 and SLEL 9.3 it
is very stable. I am also running Gentoo clients and it is very stable on
that too.
By the way initially I did all my testing without nscd. I only started to
use nscd when I noticed the increased load on ldap server and slow response.
On 12/16/05, Simo Sorce <idra at samba.org> wrote:
>
> On Fri, 2005-12-16 at 12:33 +0100, Michael Gasch wrote:
> > it has always been mentioned, that idmap_rid is the better backend in
> > large organizations
>
> Sorry ?
>
> I do not think idmap_rid is good for v. large organization.
> Probably the best bet is idmap_ldap.
>
> Nscd is ok as long as you know it's downsides. For example on the PDC it
> is necessary to shut it down while adding or modifying users, and it may
> be a problem on member servers as it caches both positive _and_ negative
> lookups.
>
> Simo.
>
> --
> Simo Sorce - idra at samba.org
> Samba Team - http://www.samba.org
> Italian Site - http://samba.xsec.it
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
"Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it."
-- ancient Sanskrit saying
More information about the samba
mailing list