[Samba] [SAMBA] Slow SID to name translation in Windows Security tab (groups)

Tomasz Pawłowski tomasz at adminfx.pl
Mon Feb 22 10:41:03 UTC 2016


Hello
I'am using Samba 4.2.3 in CentOS 7.2.1511 (distro release) with openLdap
integration  as standalone file server.

Everything works good, but when I want to use Windows extended ACLs
(right click on folder -> Properities, Security tab), translation of
SIDs to real group names is going realy slow.

Mentioned problem occours only when I add security permissions for
groups, user SIDs are translating fast.


ACL conf:
------------
vfs objects = acl_xattr
store dos attributes = yes
nt acl support = yes
map acl inherit = yes
inherit acls = yes
inherit owner = yes
inherit permissions = yes
ea support = yes
map archive = no
map hidden = no
map readonly = no


LDAP conf:
------------
passdb backend = ldapsam:ldap://127.0.0.1
ldap ssl = no
ldap admin dn = cn=Manager,dc=company,dc=local
ldap delete dn = no
ldap password sync = yes

ldap suffix = dc=company,dc=local
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Computers

add user script = /usr/local/sbin/smbldap-useradd -am "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"




Please help
Best regards
Thomas



More information about the samba mailing list