[Samba] Advice on Winbindd and NTLM Auth Performance

Andrew Bartlett abartlet at samba.org
Fri Sep 1 10:10:13 UTC 2017

On Fri, 2017-09-01 at 10:36 +0100, Arnab Roy via samba wrote:
> Hi All,
> I am using winbind and ntlm auth in Freeradius. At the moment that seems to
> be a major bottleneck. It seems like the ntlm_auth execution is taking a
> while , what all options can improve this .

What is your DC, and how far away it it network-wise?

Have you tried setting 
winbind max domain connections = 10
winbind offline logon = no
(actually the default, but you might have set it without realising it
doesn't help with NTLM authentication).

> For starters adding TCP_NODELAY in smb.conf seems to have helped a little.

That is unlikely to be at all related. 

NTLM authentication has to be checked at the DC, so it can't be cached.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list