winbind with large amount of users and groups

Yuval Hager yuval at
Fri Nov 16 18:17:37 GMT 2001


I have just tested winbind (as a PAM library) in the following
- an NT domain with 200 users and 1000 groups
- an NT domain with 3000 users and 200 groups.

After installed (samba-2.2.2 w/o the winbind memleak fix) and added to
nsswitch.conf and the PAM, any trial to login to the machine, or even issue
an `id' on a domain user would take 20 to 60 seconds.

The winbind settings are the usual, I tried to chaged the "cache time"
settings but it seemed to had no real effect.. (I have previously seen some
problems with the winbind cache, but I'm not sure about that yet).

We have traced the line and found many queries onto the NT PDC. From a first
look it looks very inefficient..
I haven't checked the code yet, but is this reasonable ? Did any of you had
a successful installation on such amounts of users ? Is the search merely
inefficient or does it "have" to be that way.. ?



More information about the samba-technical mailing list