[Samba] Advice on Winbindd and NTLM Auth Performance

Rowland Penny rpenny at samba.org
Sun Sep 3 11:41:21 UTC 2017


On Fri, 1 Sep 2017 23:30:53 +0100
Arnab Roy <arniekol at gmail.com> wrote:

> Hello Everyone,
> 
> Thanks for your inputs I have followed whats here
> https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
> Apart from the different location for the directories. I have added
> the recommended options in samba.

That howto seems to have been dated even when it was written and you
haven't added all the 'recommended options'.
The howto tells you to add these lines:

 idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431

These were marked as deprecated on 3.6 and you should be using lines
like these:

    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

Without these lines, winbind doesn't know who your users & groups are.

Or are you using sssd ?
If so, then Samba isn't doing authentication.

Rowland



More information about the samba mailing list