[Samba] using winbind causes high load on the pdc

guido at lorenzutti.com.ar guido at lorenzutti.com.ar
Fri Feb 19 04:42:47 MST 2010

Hi people: I have winbind 3.2.5 running on a box to authenticate users
in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have
approx. 500 users, and when they all use the squid my winbind generates a lot
of traffic to my pdc box, causing high load on the smb process that talks
to the winbind... killing the performance of the squid.

Is there any way to reduce this traffic?
Why does the winbind revalidate the credentials every time a user navigates?
Cache for usernames/passwords? TTL? Something?
Can I avoid the rpc traffic to the PDC and set up the winbind to talk to
the pdc via ldap?

This is my winbind smb.conf:
   workgroup = DOMAIN
   netbios name = PROXY
   wins support = No
   wins server =
   password server = *
   dns proxy = No
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog only = No
   syslog = 0
   security = domain
   domain master = No
   encrypt passwords = Yes
   passdb backend = tdbsam
   printing = none
   load printers = No
   restrict anonymous = 1
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind separator = \\
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind cache time = 900
   winbind offline logon = Yes

Just out of curiosity, this is my squid.conf regarding ntlm:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
auth_param ntlm children 280
auth_param ntlm keep_alive on

I tried keep_alive both on and off... no changes.

Thanks in advance.
