[Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%
david at touzeau.eu
Sat Sep 29 04:03:54 MDT 2012
Thanks Heather Choi
But in my nsswitch i have
passwd: compat ldap winbind
group: compat ldap winbind
shadow: compat ldap winbind
As compat is and advanced "files" method...
So my nsswitch is compatible with your suggest...?
From: Heather Choi
Sent: Saturday, September 29, 2012 4:52 AM
To: mario.codeniera at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run
cpu to 100%
You definitely should have "files" placed *before* winbind of passwd,
group and shadow, like:
passwd: files winbind
shadow: files winbind
group: files winbind
Otherwise, you will be hitting AD a whole ton for localized users and
definitely root with services running.
On 09/27/2012 02:00 AM, David Touzeau wrote:
> I have connected samba 3.6.8 to my Active Directory in the lsass.exe run
> to 100%
> When stopping winbind the lsass.exe CPU is down to 0%
> When set winbindd to debug mode, it seems it try to scan the root user
> every time.
> I would to know how to ban nsswitch to query winbindd for system internal
> users such has root, apache.....
> Here it is my nsswitch.conf :
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed,
> # `info libc "Name Service Switch"' for information about this file.
> bind_policy soft
> passwd: compat ldap winbind
> group: compat ldap winbind
> shadow: compat ldap winbind
> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> netmasks: files
> netgroup: files nis
> publickey: files
> bootparams: files
> aliases: files
> automount: ldap files
> Attached file is the winbindd debug mode:
To unsubscribe from this list go to the following URL and read the
More information about the samba