[Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%

Heather Choi hceuterpe at gmail.com
Fri Sep 28 20:52:31 MDT 2012

You definitely should have "files" placed *before* winbind of passwd, 
group and shadow, like:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Otherwise, you will be hitting AD a whole ton for localized users and 
definitely root with services running.

On 09/27/2012 02:00 AM, David Touzeau wrote:
> Dear
> I have connected samba 3.6.8 to my Active Directory in the lsass.exe 
> run to 100%
> When stopping winbind the lsass.exe CPU is down to 0%
> When set winbindd to debug mode, it seems it try to scan the root user 
> every time.
> I would to know how to ban nsswitch to query winbindd for system 
> internal users such has root, apache.....
> Here it is my nsswitch.conf :
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, 
> try:
> # `info libc "Name Service Switch"' for information about this file.
> bind_policy soft
> passwd:         compat ldap winbind
> group:          compat ldap winbind
> shadow:         compat ldap winbind
> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netmasks:       files
> netgroup:       files nis
> publickey:      files
> bootparams:     files
> aliases:        files
> automount:      ldap files
> Attached file is the winbindd debug mode:

More information about the samba mailing list