[Samba] domain member with winbind, slow smbcacls or smbclient listing
Zhuchenko Valery
zvn at belkam.com
Thu Nov 24 13:26:09 UTC 2016
Hi, all!
When I launch (again and again)
smbcacls "//myfileserver/share" "" -U user -W domain
or
smbclient "//myfileserver/share" -U user -W domain -c "ls",
in tcpdump output at myfileserver I see multiple calls to controller via
ldap, therefore these commands are executed slowly.
When I run getent groups at myfileserver, all worked fine, and tcpdump
output is empty.
Help me please, where I'm wrong?
Best regards, Valery.
smbd -V
Version 4.2.10
My winbind settings:
testparm -s |grep winbind
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind expand groups = 10
winbind refresh tickets = Yes
security = ads
idmap config * : range = 16777216-33554431
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 100-20000
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
grep -r winbind /etc/pam.d
/etc/pam.d/fingerprint-auth-ac:account [default=bad success=ok
user_unknown=ignore] pam_winbind.so
/etc/pam.d/system-auth-ac:auth sufficient pam_winbind.so
use_first_pass
/etc/pam.d/system-auth-ac:account [default=bad success=ok
user_unknown=ignore] pam_winbind.so
/etc/pam.d/system-auth-ac:password sufficient pam_winbind.so
use_authtok
/etc/pam.d/smartcard-auth-ac:account [default=bad success=ok
user_unknown=ignore] pam_winbind.so
/etc/pam.d/password-auth-ac:auth sufficient pam_winbind.so
use_first_pass
/etc/pam.d/password-auth-ac:account [default=bad success=ok
user_unknown=ignore] pam_winbind.so
/etc/pam.d/password-auth-ac:password sufficient pam_winbind.so
use_authtok
More information about the samba
mailing list