[Samba] 3.6.8: Winbind/Active Directory: lsass.exe process run cpu to 100%

Heather Choi hceuterpe at gmail.com
Sat Sep 29 08:26:02 MDT 2012 

manpages of nssswitch:
  compat           support `+/-' in the ``passwd'' and ``group''
                             databases.  If this is present,*it must be the
                             only source for that entry*.

            *Database*          *Default*  *source*  *list*
            group            compat
            group_compat     nis
            hosts            files dns
            netgroup         files [notfound=return] nis
            passwd           compat
            passwd_compat    nis


On 09/29/2012 05:03 AM, David Touzeau wrote:
> Thanks Heather Choi
>
> But in my nsswitch i have
>
> passwd:         compat ldap winbind
> group:          compat ldap winbind
> shadow:         compat ldap winbind
>
> As compat is and advanced "files" method...
> So my nsswitch is compatible with your suggest...?
>
>
> -----Original Message----- From: Heather Choi
> Sent: Saturday, September 29, 2012 4:52 AM
> To: mario.codeniera at gmail.com
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] 3.6.8: Winbind/Active Directory: lsass.exe 
> process run cpu to 100%
>
> You definitely should have "files" placed *before* winbind of passwd,
> group and shadow, like:
>
> passwd:     files winbind
> shadow:     files winbind
> group:      files winbind
>
> Otherwise, you will be hitting AD a whole ton for localized users and
> definitely root with services running.
>
> On 09/27/2012 02:00 AM, David Touzeau wrote:
>> Dear
>> I have connected samba 3.6.8 to my Active Directory in the lsass.exe 
>> run to 100%
>> When stopping winbind the lsass.exe CPU is down to 0%
>> When set winbindd to debug mode, it seems it try to scan the root 
>> user every time.
>> I would to know how to ban nsswitch to query winbindd for system 
>> internal users such has root, apache.....
>>
>> Here it is my nsswitch.conf :
>>
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages 
>> installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>> bind_policy soft
>>
>> passwd:         compat ldap winbind
>> group:          compat ldap winbind
>> shadow:         compat ldap winbind
>>
>> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>> netmasks:       files
>> netgroup:       files nis
>> publickey:      files
>> bootparams:     files
>> aliases:        files
>> automount:      ldap files
>>
>> Attached file is the winbindd debug mode:
>>
>>
>

More information about the samba mailing list