[Samba] using winbind causes high load on the pdc
dale at BriannasSaladDressing.com
Fri Feb 19 07:54:55 MST 2010
Unless they're needed for your configuration, try
winbind enum users = No
winbind enum groups = No
In a large site, those create a lot of traffic.
On 02/19/2010 5:42 AM, guido at lorenzutti.com.ar wrote:
> Hi people: I have a winbind 3.2.5 running on a box to authenticate users
> in my squid. My PDC is a samba 3.0.24 and it stores users on ldap. I have
> aprox 500 users and when they all use the squid my winbind generates a lot
> of traffic to my pdc box causing high load on the smb process that talks
> to the winbind... killing the performance of the squid.
> Is there anyway to reduce this traffic?
> Why everytime a user navigates the winbind revalidates the credentials?
> Cache for username/passwords? TTL? something?
> Can I avoid the rpc traffic to the PDC and setup the winbind to talk to
> the pdc via ldap?
> This is my winbind smb.conf:
> workgroup = DOMAIN
> netbios name = PROXY
> wins support = No
> wins server = 10.1.0.44
> password server = *
> dns proxy = No
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog only = No
> syslog = 0
> security = domain
> domain master = No
> encrypt passwords = Yes
> passdb backend = tdbsam
> printing = none
> load printers = No
> restrict anonymous = 1
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind separator = \\
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind cache time = 900
> winbind offline logon = Yes
> Just for curious.. this is my squid.conf regarding ntlm:
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
> auth_param ntlm children 280
> auth_param ntlm keep_alive on
> I try both keep_alive, on and off... no changes.
> Thanks in advance.
More information about the samba