Couple Questions about Winbindd

Wed Nov 28 06:03:02 GMT 2001

Samba List,
	Recently I moved a samba server that I had into production with
2.2.2+Winbind+ACL and I was wondering about a couple of things that I saw
while it was being used.

First, on my domain there are a lot of users, but the groups that they are
in and the accounts are pretty static once they are made.  They rarely ever
get moved or changed in their group.  Now when I am running Winbind there
are a lot of people connected to the same share and I would like to be able
to list those people very quickly, very often.  I have having trouble with
that though because when I do a smbstatus it has to go out to the Domain
Controller everytime and get all of the users and their names.  This causes
some extra stress on the domain controller and extra network traffic that I
would like to avoid.  I thought that setting the cache time option to
something higher might help this out, but how high is too high.  I mean
seconds seems to short for a static domain like the one here, minutes or
even hours seems like a better solution, but if I set it that high is it
going to cause samba (or winbind) issues?

Second, now that I have put Winbind into use I am noticing that there are
people that are connecting to the shares still as user nobody.  These people
all have active domain accounts and there are other people that are
connecting as their usernames, but not everyone is.  This leads me to
believe that Winbind is working correctly, but that sometimes it doesn't try
to auth this people.  Any ideas on how that works?

Third and final question.  As I am using winbind I have noticed that is
seems to start out as having you in the lowest of the the groups that you
are in.  Take this as an example:

		BrentNorris -> Domain Users, Domain Admins, ITS_GROUP

and three shares one with permissions for Domain Users, one for ITS_GROUP
and one for Domain Admins.  If I first connect to the share for Domain Users
and run a smbstatus it shows that I am in the Domain Users Group, if next I
go to the ITS_GROUP share it shows me as being in that, and then finally if
I go to the Domain Admins share it shows me as being in that.  The question
I have about it revolves around this though.  I have some people that would
only be in say the Domain Users and ITS_GROUP and when they try to connect
to the ITS_GROUP share it say that they do not have permission to do so.  It
is like winbind never moves them up to the next group. instead they are
stuck as Domain Users.  Anyone have any ideas as to why that might be?

Thanks and sorry for the long-ish email,


More information about the samba-ntdom mailing list