[Samba] winbind stop working

daniele samba.10.danber at spamgourmet.com
Wed May 9 03:16:42 MDT 2012

Il 08/05/2012 21:37, Kevin Elliott ha scritto:
> Interesting.
> I'l try this and see what happens.
> Any idea why setting such an aggressive cache refresh time for the idmap issue could resovle this?

My server is still in test, so I don't know what will happen when 
hundreds of users became to connect. As a reference, in the current 
working server with samba Version 3.0.33-3.29.el5_7.4 the parameter 
idmap cache time is set to the default (900).
I wonder about such difference (900 vs 604800) and I did use 900 instead 
of 300. Now it looks good (after 1 day), but I'll keep in test for some 
I also had bad mapping problems: winbind reported uncorrect number of 
groups and wrong group for some users.
I guess this is also related to the cache because after yesterday is 
working correctly and I don't know why (may be: net cache flush or some 
smb.conf parameter or ...).
I also verified that setting idmap uid and idmap gid at a value like 
10000-20000 does not work (I have no unix user or group in the range 
1000-65000, so I supposed the range 10000-20000 was equivalent to 
15000-25000 ...)

My actual settings are:
	workgroup = CED
	realm = CED.AOS
	server string = Samba Server Version %v
	security = ADS
	password server =
	name resolve order = lmhosts host bcast
	passdb backend = tdbsam
	ldap ssl = no
	idmap uid = 100000-200000
	idmap gid = 100000-200000
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes
	cups options = raw
	winbind cache time = 300
	idmap cache time = 900
	encrypt passwords = yes

Daniele Bernazzi

More information about the samba mailing list