[Samba] using winbind causes high load on the pdc

guido at lorenzutti.com.ar guido at lorenzutti.com.ar
Fri Feb 19 09:14:30 MST 2010


I tried... no help.
I still have a lot of traffic between the winbind and the pdc and high
load on the pdc.

Why does this traffic have to be rpc to the pdc? Can the winbind use ldap to
check username and password?


> Unless they're needed for your configuration, try
>
>      winbind enum users = No
>      winbind enum groups = No
>
> In a large site, those create a lot of traffic.
>
> Dale
>
>
> On 02/19/2010 5:42 AM, guido at lorenzutti.com.ar wrote:
>> Hi people: I have a winbind 3.2.5 running on a box to authenticate users
>> in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have
>> approx. 500 users and when they all use the squid my winbind generates a lot
>> of traffic to my pdc box causing high load on the smb process that talks
>> to the winbind... killing the performance of the squid.
>>
>> Is there any way to reduce this traffic?
>> Why does the winbind revalidate the credentials every time a user navigates?
>> Cache for username/passwords? TTL? something?
>> Can I avoid the rpc traffic to the PDC and set up the winbind to talk to
>> the pdc via ldap?
>>
>> This is my winbind smb.conf:
>> [global]
>>     workgroup = DOMAIN
>>     netbios name = PROXY
>>     wins support = No
>>     wins server = 10.1.0.44
>>     password server = *
>>     dns proxy = No
>>     log file = /var/log/samba/log.%m
>>     max log size = 1000
>>     syslog only = No
>>     syslog = 0
>>     security = domain
>>     domain master = No
>>     encrypt passwords = Yes
>>     passdb backend = tdbsam
>>     printing = none
>>     load printers = No
>>     restrict anonymous = 1
>>     winbind enum users = Yes
>>     winbind enum groups = Yes
>>     winbind use default domain = Yes
>>     winbind separator = \\
>>     winbind uid = 10000-20000
>>     winbind gid = 10000-20000
>>     winbind cache time = 900
>>     winbind offline logon = Yes
>>
>> Just out of curiosity... this is my squid.conf regarding ntlm:
>>
>> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
>> auth_param ntlm children 280
>> auth_param ntlm keep_alive on
>>
>> I tried both keep_alive on and off... no changes.
>>
>>
>> Thanks in advance.
>>
>>
>



