Is it possible to fork multiple child Winbindd processes and setup multiple connections to the primary DC?

[Hou, Kevin]

Hi Metze,

If only one DCERPC connection can be setup at a time, then it's really sad. Is there any document that specify this DCERPC behavior? I read through MS document "Netlogon Remote Protocol Specification (MS-NRPC.pdf)", but didn't find any description about it.

Really thanks your input! 

Regards,
Kevin

-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org] 
Sent: Wednesday, August 15, 2012 4:23 PM
To: Andrew Bartlett
Cc: Hou, Kevin; samba-technical at lists.samba.org
Subject: Re: Is it possible to fork multiple child Winbindd processes and setup multiple connections to the primary DC?

Hi Andrew,

>> As far as I know, the child Winbindd process is forked per domain and only one connection to that primary DC is setup. All requests to DC go through this connection sequentially. 
>> Is it possible to fork multiple child Winbindd processes and setup multiple connections to the primary DC? If yes, we can keep those connections, and requests can go to DC concurrently, which may enhance Winbindd performance.
>>
>> Please correct me if I'm wrong and give some suggestion on how to enhance the Winbindd performance for high through output authentication validation.
> 
> Rather than have multiple child processes here, what we need to do is 
> handle the netlogon SamLogon calls in an async manner.

As far as I know this would sadly only work at the SMB layer, as the Secure Channel DCERPC auth layer maintains just one sequence number, which means only one DCERPC operation can run at a time.

metze



 Protected by Websense Hosted Email Security -- www.websense.com