Samba 2.2.8a / Winbind and Domains

Petty, Robert rpetty at
Tue Sep 23 16:06:58 GMT 2003

I have searched the archived through google and found only a few
suggestions, a couple of which suggested this mailing list so I am posting
here hoping I won't offend anyone...

We have an NT domain which is part of a corporate network with trusts
established to other domains in the corporation.  I have added winbind to my
samba configuration on a Solaris 9 server.  We've been using samba for
years, but this is the first implementation of Winbind.  I am including the
global configuration information below.  I join a single domain (den1), but
winbind add the other trusted domains (cal1,production).  When I access
shares, I can see with winbind in debug mode that it tries all addresses
provided by our wins server for the domain "cal1".  Unfortunately it takes
about ten or twelve seconds to get through all 5 addresses which are
provided.  I added "cal1" to my lmhosts file for samba and winbind is
getting the single address for it ( but still, cal1 is being
queried even though the username in the challenge is "den1\pettyr".

So here are my questions:

1) Can I override and prohibit the querying of trusted domains and limit the
queries to the domain which winbind is a member of?
2) Can I increase the time that a challenge is valid?  Right now, if I
remain inactive for around ten seconds, the next access to any shares
requires a revalidation via winbind.  This is time consuming and very

My smb.conf:

        workgroup = DEN1
        netbios name = classfs
        interface = classfs
        interfaces = classfs/
        bind interfaces only = Yes
        security = domain
        encrypt passwords = Yes
        password server = *
        server string = Samba (%v) domain (%h)
        template homedir = /usr/local/samba/home/%D/%U
        lock dir = /dna/samba/locks
        pid directory = /dna/samba/var/locks
        log file = /var/opt/samba/smb.log
        wins server =
        winbind uid = 19000-21000
        winbind gid = 19000-19000
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = true
        allow trusted domains = no
        keepalive = 300

Thanks in advance for any suggestions!


More information about the samba-technical mailing list