[Samba] using winbind causes high load on the pdc
guido at lorenzutti.com.ar
guido at lorenzutti.com.ar
Fri Feb 19 04:42:47 MST 2010
Hi people: I have a winbind 3.2.5 running on a box to authenticate users
in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have
aprox 500 users and when they all use the squid my winbind generates a lot
of traffic to my pdc box causing high load on the smb process that talks
to the winbind... killing the performance of the squid.
Is there anyway to reduce this traffic?
Why everytime a user navigates the winbind revalidates the credentials?
Cache for username/passwords? TTL? something?
Can I avoid the rpc traffic to the PDC and setup the winbind to talk to
the pdc via ldap?
This is my winbind smb.conf:
[global]
workgroup = DOMAIN
netbios name = PROXY
wins support = No
wins server = 10.1.0.44
password server = *
dns proxy = No
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = No
syslog = 0
security = domain
domain master = No
encrypt passwords = Yes
passdb backend = tdbsam
printing = none
load printers = No
restrict anonymous = 1
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind separator = \\
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind cache time = 900
winbind offline logon = Yes
Just for curious.. this is my squid.conf regarding ntlm:
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
auth_param ntlm children 280
auth_param ntlm keep_alive on
I try both keep_alive, on and off... no changes.
Thanks in advance.
More information about the samba
mailing list