[Samba] winbind limitations
Fernando Favero
favero.fernando at gmail.com
Tue Feb 23 21:58:52 UTC 2016
Hi.
Does winbind has limitations with lots of users in domain?
I'm compiled samba 4.3.1 and created 40 users, so winbind and getent works
fine, but when created 26.000 users and "wbinfo -u" doesn't show users.
On DC Member Server, "wbinfo -u" and "getent passwd" doesn't show users to.
On log.wb-CORP appears:
[2016/02/23 18:46:46.319393, 1]
../source3/libads/ldap_utils.c:135(ads_do_search_retry_internal)
ads reopen failed after error Time limit exceeded
[2016/02/23 18:46:46.319552, 1]
../source3/winbindd/winbindd_ads.c:319(query_user_list)
query_user_list ads_search: Time limit exceeded
my smb.conf on DC:
[global]
workgroup = CORP
realm = CORP.EXAMPLE.COM
netbios name = SRV-401
interfaces = lo eth0
bind interfaces only = Yes
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
smb.conf on Member Server:
[global]
netbios name = FS-SERVER1-CORP
security = ADS
workgroup = CORP
realm = CORP.EXAMPLE.COM
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
idmap config *:backend = tdb
idmap config *:range = 1000-9999
idmap config CORP:backend = ad
idmap config CORP:schema_mode = rfc2307
idmap config CORP:range = 10000-99999
winbind nss info = rfc2307
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
Regards,
Fernando
More information about the samba
mailing list