[Samba] Advice on Winbindd and NTLM Auth Performance

Arnab Roy arniekol at gmail.com
Sun Sep 3 21:34:50 UTC 2017


Hi Rowland,

The only thing I'm using is winbindd; the smbd and nmbd daemons are disabled.

However, I have now found the bottleneck is because freeradius is calling
the ntlm_auth binary and effectively forking out.

The guys at freeradius wrote a direct client, libwbclient; however, there is
no way of specifying the winbind privileged path using that method as it's
hardcoded during compile time.

Why samba hardcodes this on all client applications is beyond my little
knowledge :(

Many Thanks
Arnab

On 3 Sep 2017 12:48 pm, "Rowland Penny via samba" <samba at lists.samba.org>
wrote:

> On Fri, 1 Sep 2017 23:30:53 +0100
> Arnab Roy <arniekol at gmail.com> wrote:
>
> > Hello Everyone,
> >
> > Thanks for your inputs. I have followed what's here
> > https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
> > apart from the different location for the directories. I have added
> > the recommended options in samba.
>
> That howto seems to have been dated even when it was written and you
> haven't added all the 'recommended options'.
> The howto tells you to add these lines:
>
>  idmap uid = 16777216-33554431
>  idmap gid = 16777216-33554431
>
> These were marked as deprecated on 3.6 and you should be using lines
> like these:
>
>     idmap config *:backend = tdb
>     idmap config *:range = 2000-9999
>     idmap config SAMDOM : backend = rid
>     idmap config SAMDOM : range = 10000-999999
>
> Without these lines, winbind doesn't know who your users & groups are.
>
> Or are you using sssd ?
> If so, then Samba isn't doing authentication.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
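
An added example, not part of the original thread or of Samba's own code: a small Python check that flags the deprecated "idmap uid" / "idmap gid" lines quoted above and parses the "idmap config" replacements in both spacings shown in the reply. The overlap check goes beyond the thread and assumes Samba's documented requirement that idmap ranges do not overlap; parse_idmap, lint_idmap and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the deprecated and replacement lines quoted in the thread.
SAMPLE_SMB_CONF = """\
[global]
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999
"""

DEPRECATED = re.compile(r"^idmap\s+(uid|gid)\s*=", re.I)
# Accepts both spacings seen in the thread: "*:backend" and "SAMDOM : backend".
IDMAP_CONFIG = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+)$", re.I)

def parse_idmap(text):
    """Return (deprecated_lines, {domain: {option: value}}) from smb.conf text."""
    deprecated, domains = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = IDMAP_CONFIG.match(line)
        if DEPRECATED.match(line):
            deprecated.append(line)
        elif m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value.strip()
    return deprecated, domains

def lint_idmap(text):
    """Return findings: deprecated options, invalid ranges, overlapping ranges."""
    deprecated, domains = parse_idmap(text)
    findings = [f"deprecated: {line}" for line in deprecated]
    ranges = []
    for domain, opts in sorted(domains.items()):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            findings.append(f"{domain}: missing or invalid range")
            continue
        ranges.append((int(m.group(1)), int(m.group(2)), domain))
    ranges.sort()  # assumption beyond the thread: ranges must not overlap
    for i, (lo, hi, dom) in enumerate(ranges):
        for lo2, hi2, dom2 in ranges[i + 1:]:
            if lo2 <= hi:  # sorted by low end, so this is the overlap test
                findings.append(f"overlap: {dom} {lo}-{hi} and {dom2} {lo2}-{hi2}")
    return findings
```

Calling lint_idmap(open("/etc/samba/smb.conf").read()) runs the same check on a live file; the path is an assumption, as the thread notes the directories differ on this system.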

