[Samba] winbind - timeouts in domain with >100000 domain users

Ralf Gross Ralf-Lists at ralfgross.de
Mon Jan 22 17:36:20 GMT 2007


Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ralf Gross wrote:
> > Hi,
> > 
> > I'm trying out samba with winbind. The domain has >100000 users and
> > I'm having some problems with the wbinfo and getent programs. The
> > server is a domain member and running Debian etch (x86_64) with
> > samba-3.0.23d.
> > 
> > idmap uid = 70000-300000
> > idmap gid = 70000-300000
> > winbind enum users = yes
> > winbind enum groups = yes
> 
> Is there any real reason that you have these enabled?

From the smb.conf man page.

Warning
          Turning off user enumeration may cause some programs to
          behave oddly. For example, the finger program relies on
          having access to the full user list when searching for
          matching usernames.  Default: winbind enum users = no

I tried both settings but I couldn't see any difference.

This is with winbind enum users/groups = no

$ wbinfo -t
checking the trust secret via RPC calls succeeded

$ wbinfo -i emea\\ralfgro
ralfgro:*:70000:70000:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

$ wbinfo -u
...hangs
<ctrl-c>

$ wbinfo -i emea\\ralfgro
Could not get info for user emea\ralfgro

The main problem is not that wbinfo doesn't return all users, it's
the fact that winbind seems to be completely inaccessible afterwards.

[2007/01/22 18:26:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine xxxx pipe \NETLOGON fnum 0x4015returned critical
  error. Error was Call timed out: server did not respond after 10000
  milliseconds
[2007/01/22 18:26:16, 1] libsmb/clientgen.c:cli_rpc_pipe_close(376)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4015 to
  machine SSTRD010.  Error was Call timed out: server did not respond after 10000
  milliseconds

$ /etc/init.d/winbind stop
Stopping the Winbind daemon: winbind.

$ pgrep -l -f winbind
24262 /usr/sbin/winbindd -B
24263 /usr/sbin/winbindd -B

$ pkill -9 winbindd
$ pgrep -l -f winbind

$ /etc/init.d/winbind start
Starting the Winbind daemon: winbind.

$ wbinfo -i emea\\ralfgro
ralfgro:*:70000:70000:Gross, Ralf:/home/EMEA/ralfgro:/bin/false

winbind didn't respond until I killed the process and restarted the daemon.

At the same time winbind hung on this system I could execute 'wbinfo -i
emea\\ralfgro' on another system with success.

Ralf

