ADS grouplisting with getent fails
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Apr 13 07:25:33 GMT 2005
Hello, Martin!
On Wed, Apr 13, 2005 at 08:48:06AM +0200, Martin Zielinski wrote:
> I'm facing some problems with the group and userlistings on a (quite)
> slow machine in a huge AD Domain.
> There are ~10000 users and ~4000 groups and several trust-relationships
> accross europe.
> I often need several tries to receive the listing.
> I found, that the problem is the 30-seconds-timeout in
> nsswitch/wb_common.c - read_sock(). Perhaps this could be handled more
> generously?
Yes, certainly. Right now I'm in the process of getting the enumeration
functions in winbind trunk/ right. The main problem is that for a domain
everything is being read in a big chunk. Although for security=ads we're using
paged searches, the end result the user sees is the one big chunk per domain.
This needs to and will change, although that is quite an intrusive change that
will probably not come for 3.0.15. In the meantime you could just increase the
timeout. Can you do that yourself, or do you want patched binaries?
Volker
More information about the samba-technical
mailing list