[Samba] winbind - timeouts in domain with >100000 domain users

Ralf Gross Ralf-Lists at ralfgross.de
Mon Jan 22 16:17:54 GMT 2007 

Hi,

I'm trying out samba with winbind. The domain has >100000 users and
I'm having some problems with the wbinfo and getent programs. The
server is domain member and running debin etch (x86_64) with
samba-3.0.23d.

idmap uid = 70000-300000
idmap gid = 70000-300000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template shell = /bin/false
security = domain

$ wbinfo -i emea\\ralfgro
ralfgro:*:70000:70000:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ wbinfo -t
checking the trust secret via RPC calls succeeded

$ id -a ralfgro
...long timeout
 
$ getent passwd
[local unix users]
...long timeout 

Sometimes I get back the list of domain users, but this happens only
rarely. During the these commands I can't connect to my shares with my
domain account. Even the top and ps commands seem to hang.

session setup failed: Call timed out: server did not respond after
20000 milliseconds

If I do an 'ls -l' in a dirctory with files that belong to a doamin
user, it sometimes takes ages to return the file list.


I have a local unix account ralfgro that has uid 50789 and a domain
account that is mapped to uid 70000. If I now copy files to the server
using smbclient they are created with my domain uid. If I create files
with an editor on the local fs (vim) they have the uid  of my unix
account. Is this the way it should be? I ask this, because an old
server should be migrate to this new hardware and there are many unix
accounts and much data that already belong to users. The old server
has never been member of this domain, only 'security = server'
was used for authentication.

/etc/passwd
ralfgro:x:50789:50789::/home/ralfgro:/bin/sh

$ wbinfo -i emea\\ralfgro
ralfgro:*:70000:70000:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ ls -l /tmp/foo
insgesamt 48
-rw-r--r-- 1 ralfgro ralfgro          5 2007-01-22 14:13 test
-rw-rw---- 1 ralfgro domain users 41180 2007-01-22 14:11 test2

$ ls -ln /tmp/foo
insgesamt 48
-rw-r--r-- 1 50789 50789     5 2007-01-22 14:13 test
-rw-rw---- 1 70000 70000 41180 2007-01-22 14:11 test2


Ralf

More information about the samba mailing list