[Samba] winbindd: Exceeding 200 client connections, no idle connection found

Jason Haar Jason.Haar at trimble.co.nz
Wed Feb 20 03:28:03 GMT 2008

Elvar wrote:
> I know I'm beating a dead dog asking about this but I still haven't 
> seen a resolution. Can anyone out there tell me how to fix this? When 
> this happens my users cannot get past the Squid proxy and are 
> presented with an authentication popup window in their browser which 
> does not let them past until the 200 connections limit is no longer 
> maxed out. There are probably 500 computers total at this facility and 
> sometimes more than 200 connections is needed.
That doesn't sound right... Squid aggressively caches the lookups so 
that winbind doesn't have to keep doing it - you really shouldn't be 
hitting that limit. Check your "credentialsttl" settings - they should 
be 2hours or the like.

Argh. I've just google'd this: it only applies to Basic auth. I bet 
you're using NTLM? Due to the hokey way (technical term ;-) NTLM works, 
Squid can't cache the lookups as much (from a posting in 2003 - can't 
find anything newer).


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the samba mailing list