Question on ntlm_auth tool

Andrew Bartlett abartlet at
Thu Sep 16 13:21:36 GMT 2004

On Thu, 2004-09-16 at 17:11, Henrik Nordstrom wrote:
> On Thu, 16 Sep 2004, Andrew Bartlett wrote:
> > My suggestion is that we would return SIDs only, and that you would
> > convert the names that you store for ACLs into SIDs, for comparison.
> > (The reason we would only return the SIDs is to avoid the extra network
> > cost.)
> Doesn't winbind cache these SID->Name lookups, thereby already avoiding 
> the cost in most cases?

They are, but I'm a cache skeptic (despite my love for squid ;-).  I've
been designing this code to avoid needing to make any extra queries at
all - that way, we don't add network load, even in the worst cases.

However, more importantly what we have found is that the extra network
calls can sometimes block in nasty ways - which with a single-threaded
winbindd bites us badly...

Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list