"getent group" shows both domains group and domain users - winbind bug ?

Mayers, Philip J p.mayers at ic.ac.uk
Tue Oct 30 03:00:10 GMT 2001


This is a common problem with network NSS modules (LDAP has the same
problem). The correct fix is for lpq to use "getgrouplist" which is present
on the free BSDs and linux with glibc>=2.2.4 - the latter will use the
initgroups_dyn NSS hook to boost performance. Does nss_winbind implement
this hook cheaply?

Regards,
Phil

+------------------------------------------+
| Phil Mayers                              |
| Network & Infrastructure Group           |
| Information & Communication Technologies |
| Imperial College                         |
+------------------------------------------+

-----Original Message-----
From: Tim Potter [mailto:tpot at samba.org]
Sent: 29 October 2001 20:35
To: Roberto Sebastiano
Cc: samba-technical at samba.org
Subject: Re: "getent group" shows both domains group and domain users -
winbind bug ?


Roberto Sebastiano writes:

> I installed winbind and after some trouble all (?) worked fine, but I
> had a problem with lprng.. lpq -a takes 7.5 seconds to execute with the
> group winbind in /etc/nsswitch.conf, less than 1 second with group
> files .. so I investigated a bit, this is what I found.
> 
> Maybe a bug ?

We had a discussion about this on irc last night.  My theory is
that lpq is doing a full enumeration of all groups on the system,
probably to determine which groups the user is a member of.  You
seem to have a large number of users and groups on your NT PDC.

One solution is to disable group enumeration with 'winbindd enum
groups = false'.  Another is to fix the group caching code which
I broke ages ago and it was too hard to fix.  )-:  The last
solution is to recode lpq so it doesn't enumerate all groups.


Tim.
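
The two approaches discussed in this thread, side by side, as an added example (not code from the thread, lpq or Samba): full enumeration with getgrent() versus a single getgrouplist() call. It assumes Linux with glibc; the user name and gid in main() are constructed placeholders.

```c
#define _DEFAULT_SOURCE /* glibc: expose getgrouplist() */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Enumeration: walk every group NSS can list; cost grows with the directory size. */
static int groups_by_enumeration(const char *user, gid_t primary, gid_t *out, int max) {
    int n = 0;
    struct group *g;
    if (max > 0) out[n++] = primary;
    setgrent();
    while ((g = getgrent()) != NULL) {
        if (g->gr_gid == primary) continue;
        for (char **m = g->gr_mem; m && *m; m++)
            if (strcmp(*m, user) == 0) { if (n < max) out[n++] = g->gr_gid; break; }
    }
    endgrent();
    return n;
}

/* Targeted lookup: on -1 getgrouplist() stores the needed size in n; retry once. */
static gid_t *groups_by_lookup(const char *user, gid_t primary, int *count) {
    int n = 16;
    gid_t *list = NULL, *tmp;
    for (int tries = 0; tries < 2; tries++) {
        if ((tmp = realloc(list, (size_t)n * sizeof *list)) == NULL) break;
        list = tmp;
        if (getgrouplist(user, primary, list, &n) != -1) { *count = n; return list; }
    }
    free(list);
    return NULL;
}

static int contains(const gid_t *list, int n, gid_t gid) {
    for (int i = 0; i < n; i++) if (list[i] == gid) return 1;
    return 0;
}

int main(void) {
    gid_t slow[256]; int n_fast = 0; /* user name and gid below are constructed */
    int n_slow = groups_by_enumeration("constructed-user", 54321, slow, 256);
    gid_t *fast = groups_by_lookup("constructed-user", 54321, &n_fast);
    printf("enumeration: %d, getgrouplist: %d, primary present: %d\n",
           n_slow, n_fast, fast && contains(fast, n_fast, 54321));
    free(fast);
    return 0;
}
```

Timing the two functions against a real domain account with the winbind group backend enabled shows how much of the delay comes from enumeration.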