[Samba] Linux Workstation x SMB4 DC
Volker.Lendecke at SerNet.DE
Wed Aug 5 19:40:36 UTC 2015
On Wed, Aug 05, 2015 at 08:13:52PM +0100, Rowland Penny wrote:
> ># ./exec.sh |grep ^real
> >real 0m1.944s
> >real 0m0.051s
> >real 0m1.843s
> >real 0m1.798s
> >real 0m18.236s
> >real 0m1.756s
> >real 0m1.769s
> >real 0m2.092s
> >real 0m1.952s
> >real 0m1.954s
> >real 0m17.588s
> >real 0m4.841s
> >real 1m48.618s
> >real 1m38.985s
> >real 2m1.186s
> >real 1m17.514s
> >real 1m43.024s
> >real 1m27.757s
> >real 1m29.072s
> That is not slow, it is glacial :-)
> >From a certain moment, all workstation have increased response
> >time. At this moment, you believe in a problem on workstation
> There is something definitely wrong, but what ?
I've seen "id <username>" enumerate all groups in certain
circumstances. Just matching the /etc/group model of group memberships,
for the /etc/group *file* you have to scan the whole thing to find the
memberships. There are nss API calls to improve this for other backends,
but you should make sure you're not running into that for your case.
By the way, "id <username>" is not reliable to list group memberships and
can't ever be. Windows AD just does not allow winbind to list this. The
*only* reliable way to figure out group memberships is to successfully
log into your AD account, either with Kerberos or with NTLM. For this
successfully logged in account the group memberships are precise. Nothing
else will work.
I've had many discussions over this, too many. Here I'd very boldly say to
"just trust me on this".
> >I set log level = 9 in smb.conf and restart winbind.
> >A great time gap occurred after 'getpwnan teste' between 15:40:27
> >and 15:41:02
> >[2015/08/05 15:40:27.870746, 3]
> > getpwnam teste
> >[2015/08/05 15:41:02.906043, 6] winbindd/winbindd.c:822(new_connection)
> > accepted socket 22
> >[2015/08/05 15:41:02.906169, 3]
> > [ 2321]: request interface version
> >[2015/08/05 15:41:02.906332, 3]
> > [ 2321]: request location of privileged pipe
> >[2015/08/05 15:41:02.906529, 6] winbindd/winbindd.c:822(new_connection)
> > accepted socket 28
> >[2015/08/05 15:41:02.906628, 6]
> > closing socket 22, client exited
> >[2015/08/05 15:41:02.906702, 3]
> > getpwnam teste
> >[2015/08/05 15:41:19.232330, 5]
> > Could not convert sid
> Hmm, 'S-1-5-21-3802641769-3585385758-3926675344-500' is the SID-RID
> for 'Administrator' and 'NT_STATUS_SERVER_DISABLED' probably means
> what it says.
> OK, how did you compile samba?
> Why did you compile samba 4.2.3, it is available from Sernet.
> How are you starting samba on the various machines ?
> Can you post the smb.conf from the DCs and the servers etc ?
> Can you check that the following daemons are running:
> DC: samba, smbd, winbindd
> workstation or member server: smbd, nmbd, winbindd
> >Sorry for my English.
> Never apologise for your English, as a native English speaking
> person, I am honoured that you have taken the time to learn my
> language, I, on the other hand, do not speak any other languages.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba