[Samba] Samba Winbind results caching
Harding, Jonathan
jonathan.harding at wachovia.com
Mon Dec 10 19:58:51 GMT 2007
I am currently using Samba Winbind 3.0.20b-3.21 on x86_64 SLES 9 to
authenticate an external application (CVSNT <http://www.cvsnt.org/wiki>
: http://www.cvsnt.org/wiki) using the ntlm_auth
--helper-protocol=squid-2.5-ntlmssp executable. The Linux machine is
joined to a specific domain controller using security=domain and net rpc
join -Uuser -Sserver. We are, however, experiencing problems when we
approach more than 1-2 connections per second. Tt will lock-out a user
from the domain controller. I attended a talk at LinuxWorld this August
talking where the presenter (Thanks Jerry!) talked about results caching
in Winbind which I think was added somewhere in 3.0.23-3.0.26. I've
converted my configuration to security=ADS, but does this even matter if
I'm using ntlm_auth? However, I am not exactly sure how to enable
results caching
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
#id412710> :
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#
id412710 in smb.conf, if I even have to. Will results caching work
with ntlm_auth? Do I need to use any of the following or anything else
in my smb.conf?
idmap backend = tdb ?
winbind cache time = 300 ? Why is this five minutes? I thought
results caching knew when it needed to re-authenticate against the
domain controller.
<..smb.conf...>
workgroup = MYDOMAIN
#security = DOMAIN
#DOMAIN ADS
REALM = MYDOMAIN.NET
security = ads
encrypt passwords = Yes
update encrypted = Yes
password server = *
preferred master = False
local master = No
domain master = False
wins server = <my wins servers>
winbind separator = +
idmap uid = 10000-25000
idmap gid = 10000-25000
#idmap cache time = 7200
#idmap negative cache time = 120
#winbind cache time = 7200
idmap backend = tdb
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = true
<..smb.conf...>
More information about the samba
mailing list