[Samba] Advice on Winbindd and NTLM Auth Performance
abartlet at samba.org
Fri Sep 1 10:10:13 UTC 2017
On Fri, 2017-09-01 at 10:36 +0100, Arnab Roy via samba wrote:
> Hi All,
> I am using winbind and ntlm auth in Freeradius. At the moment that seems to
> be a major bottleneck. It seems like the ntlm_auth execution is taking a
> while , what all options can improve this .
What is your DC, and how far away it it network-wise?
Have you tried setting
winbind max domain connections = 10
winbind offline logon = no
(actually the default, but you might have set it without realising it
doesn't help with NTLM authentication).
> For starters adding TCP_NODELAY in smb.conf seems to have helped a little.
That is unlikely to be at all related.
NTLM authentication has to be checked at the DC, so it can't be cached.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba