winbindd_idmap.tdb recovery

Tim Potter tpot at
Wed Feb 6 13:59:03 GMT 2002

On Wed, Feb 06, 2002 at 10:37:56AM +0100, Michael Steffens wrote:

> anything involving "wbinfo -u" or "wbinfo -g" is not an option
> in our environment, due to the scaling problem you mentioned.
> We are dealing with more than 80000 NT accounts spread across a
> dozen trusted domains, and once I already regretted to have
> invoked "wbinfo -u" for curiosity :-)
> Fortunately, the "-u" and "-g" modes of wbinfo don't attempt
> to map IDs, but you can be sure to have winbindd busy for at
> least the next couple of hours...

Heh.  You can use the 'winbind enum groups' or 'winbind enum users'
parameters (they are booleans) to disable getpwent/getgrent and
hopefully avoid big lockups.  This still won't protect you against
wbinfo -u/g though.

Tridge has some ideas for a winbindd that only responds out of it's
cache and a forked process populating the cache.


More information about the samba-technical mailing list