winbind with large amount of users and groups

Jeremy Allison jra at
Fri Nov 16 19:23:01 GMT 2001

On Fri, Nov 16, 2001 at 06:15:59PM +0200, Yuval Hager wrote:
> Hi,
> I have just tested winbind (as a PAM library) in the following
> configurations:
> - an NT domain with 200 users and 1000 groups
> - an NT domain with 3000 users and 200 groups.
> After it was installed (samba-2.2.2 w/o the winbind memleak fix) and added to
> nsswitch.conf and the PAM, any attempt to log in to the machine, or even issuing
> an `id' on a domain user would take 20 to 60 seconds.
> The winbind settings are the usual, I tried to change the "cache time"
> settings but it seemed to have no real effect.. (I have previously seen some
> problems with the winbind cache, but I'm not sure about that yet).
> We have traced the line and found many queries onto the NT PDC. From a first
> look it looks very inefficient..
> I haven't checked the code yet, but is this reasonable? Did any of you have
> a successful installation with such numbers of users? Is the search merely
> inefficient or does it "have" to be that way..?

This is a known issue that we're working on. It will
be fixed (ie. much faster :-) for the 2.2.3 release.

I just finished the backport from HEAD into 2.2 of the
new mem-leak-free winbindd code, and will now spend significant
time optimising it.


