[Samba] winbind limitations

Fernando Favero favero.fernando at gmail.com
Tue Feb 23 21:58:52 UTC 2016


Does winbind has limitations  with lots of users in domain?

I'm compiled samba 4.3.1 and created 40 users, so winbind and getent works
fine, but when created 26.000 users and "wbinfo -u" doesn't show users.

On DC Member Server, "wbinfo -u" and "getent passwd" doesn't show users to.

On log.wb-CORP appears:
[2016/02/23 18:46:46.319393,  1]
  ads reopen failed after error Time limit exceeded
[2016/02/23 18:46:46.319552,  1]
  query_user_list ads_search: Time limit exceeded

my smb.conf on DC:
        workgroup = CORP
        realm = CORP.EXAMPLE.COM
        netbios name = SRV-401
        interfaces = lo eth0
        bind interfaces only = Yes
        server role = active directory domain controller
        dns forwarder =
        idmap_ldb:use rfc2307 = yes

smb.conf on Member Server:
       netbios name = FS-SERVER1-CORP
       security = ADS
       workgroup = CORP
       realm = CORP.EXAMPLE.COM
       dedicated keytab file = /etc/krb5.keytab
       kerberos method = secrets and keytab
       winbind refresh tickets = yes
       winbind trusted domains only = no
       winbind use default domain = yes
       winbind enum users  = yes
       winbind enum groups = yes
       idmap config *:backend = tdb
       idmap config *:range = 1000-9999
       idmap config CORP:backend = ad
       idmap config CORP:schema_mode = rfc2307
       idmap config CORP:range = 10000-99999
       winbind nss info = rfc2307
       vfs objects = acl_xattr
       map acl inherit = yes
       store dos attributes = yes


More information about the samba mailing list