[Samba] winbind + samba limits with large AD?

Michael Adam ma at sernet.de
Tue Jul 10 22:25:50 GMT 2007 

On Di, Jul 10, 2007 at 11:33:24 +0200, Ralf Gross wrote:
> Michael Adam schrieb:
> > 
> > I assume that you are using "security = ads" and I assume that
> > your AD setup has groups with lots of members?
> 
> Yes, that's right.
>  
> > There is no way to improve the performance significantly with
> > 3.0.24 (except patching). So I suggest that you grab the latest 
> > sources with svn (see http://www.samba.org/samba/devel/), you 
> > can also get the upcoming release branch SAMBA_3_2_0 here) or 
> > get the unpacked sources with rsync like so:
> > "rsync -avSH samba.org::ftp/pub/unpacked/samba_3_2/ ./samba_3_2"
> > and then compile it yourself.
> 
> I can't use rsync or cvs from office. It seems that svnweb which is
> mentioned in the howto is not working anymore.

Assuming you have a web proxy, you can try rsync with setting
the environment variable RSYNC_PROXY to $proxy_ip:$proxy_port
(like "export RSYNC_PROXY=192.168.0.1:3128" in bash).

> http://svnanon.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id442180
> 
> I can't reach http://svnweb.samba.org/. 

That should probably be websvn instead of svnweb, but this is
for inspecting single files and diffs, not for downloading the
sources anyway.

> Is there another way to get the 3_2 release by svn/http?

If you can't get it with rsync through http, I could put
a tarball for download somewhere tomorrow. Just let me know.

> > The reason why lookup_groupmem gets used in "ls -l" at all is
> > that the getgrgid library call is used to resolve the gids into
> > names, and this call returns not only the name but the whole 
> > group structure, including the list of members.
> > 
> > So to confirm my assumptions above, you could compare the
> > runtime of "ls -l" to that of "ls -ln": The latter should be
> > much faster! 
> 
> Thanks for your reply, I'll try to get the source and compile it. This
> might take some time. BTW: wbinfo also wasn't working right and
> winbindd was not responding after issuing that command.

By "that command" you mean "ls -ln"?

Well, let's see what improvement the new version brings.
BTW: The enhancements were made specifically for environments
with hundreds of thousands of users and groups (and large
groups!) in ad.

Cheers, Michael

-- 
Michael Adam <ma at sernet.de>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE

More information about the samba mailing list