[Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%

David Touzeau david at touzeau.eu
Sat Sep 29 04:03:54 MDT 2012 

Thanks Heather Choi

But in my nsswitch i have

passwd:         compat ldap winbind
group:          compat ldap winbind
shadow:         compat ldap winbind

As compat is and advanced "files" method...
So my nsswitch is compatible with your suggest...?


-----Original Message----- 
From: Heather Choi
Sent: Saturday, September 29, 2012 4:52 AM
To: mario.codeniera at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run 
cpu to 100%

You definitely should have "files" placed *before* winbind of passwd,
group and shadow, like:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Otherwise, you will be hitting AD a whole ton for localized users and
definitely root with services running.

On 09/27/2012 02:00 AM, David Touzeau wrote:
> Dear
> I have connected samba 3.6.8 to my Active Directory in the lsass.exe run 
> to 100%
> When stopping winbind the lsass.exe CPU is down to 0%
> When set winbindd to debug mode, it seems it try to scan the root user 
> every time.
> I would to know how to ban nsswitch to query winbindd for system internal 
> users such has root, apache.....
>
> Here it is my nsswitch.conf :
>
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, 
> try:
> # `info libc "Name Service Switch"' for information about this file.
> bind_policy soft
>
> passwd:         compat ldap winbind
> group:          compat ldap winbind
> shadow:         compat ldap winbind
>
> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> netmasks:       files
> netgroup:       files nis
> publickey:      files
> bootparams:     files
> aliases:        files
> automount:      ldap files
>
> Attached file is the winbindd debug mode:
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list