[Samba] Samba Winbind results caching

Harding, Jonathan jonathan.harding at wachovia.com
Mon Dec 10 19:58:51 GMT 2007


I am currently using Samba Winbind 3.0.20b-3.21 on x86_64 SLES 9 to
authenticate an external application (CVSNT: http://www.cvsnt.org/wiki)
using the ntlm_auth --helper-protocol=squid-2.5-ntlmssp executable.  The
Linux machine is joined to a specific domain controller using
security=domain and net rpc join -Uuser -Sserver.  We are, however,
experiencing problems when we approach more than 1-2 connections per
second. It will lock out a user from the domain controller.  I attended
a talk at LinuxWorld this August where the presenter (Thanks Jerry!)
talked about results caching in Winbind which I think was added
somewhere in 3.0.23-3.0.26.  I've converted my configuration to
security=ADS, but does this even matter if I'm using ntlm_auth?
However, I am not exactly sure how to enable results caching
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id412710)
in smb.conf, if I even have to.  Will results caching work with
ntlm_auth?  Do I need to use any of the following or anything else in my
smb.conf?

        idmap backend = tdb ?

        winbind cache time = 300 ?  Why is this five minutes?  I thought
        results caching knew when it needed to re-authenticate against
        the domain controller.

<..smb.conf...>
        workgroup = MYDOMAIN
        #security = DOMAIN

        #DOMAIN ADS
        REALM = MYDOMAIN.NET
        security = ads
        encrypt passwords = Yes
        update encrypted = Yes
        password server = *
        preferred master = False
        local master = No
        domain master = False
        wins server = <my wins servers>
        winbind separator = +
        idmap uid = 10000-25000
        idmap gid = 10000-25000
        #idmap cache time = 7200
        #idmap negative cache time = 120
        #winbind cache time = 7200

        idmap backend = tdb
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = true
<..smb.conf...>