[Samba] Advice on Winbindd and NTLM Auth Performance
Arnab Roy
arniekol at gmail.com
Mon Sep 4 20:34:34 UTC 2017
Anyone on how to get libwbclient some kind of runtime parameter from smb
conf?
On 3 Sep 2017 23:22, "Arnab Roy" <arniekol at gmail.com> wrote:
>
>
> Wouldn't it be nice if the end user had a choice . Why would it be unsafe
> considering all the info is in smb.conf and it just needs to read like all
> other samba processes like smbd or nmbd?
>
> The problem I have got here is that my radius needs to talk to multiple
> disjoint ad domains hence runs multiple winbind instances.
>
> Any chance you can point me to the code where the socket lookup happens in
> libwbclient? May be i just need to create a local patch.
>
> Thanks for your input thus far.
>
> Arnab
>
> On 3 Sep 2017 11:06 pm, "Andrew Bartlett" <abartlet at samba.org> wrote:
>
>> On Sun, 2017-09-03 at 22:34 +0100, Arnab Roy via samba wrote:
>> > Hi Rowland,
>> >
>> > The only thing I'm using is winbindd the smbd and nmbd daemons are
>> > disabled.
>> >
>> > However I have now found the bottleneck is because freeradius is
>> > calling
>> > the ntlm_auth binary and effectively forking out.
>> >
>> > The guys at freeradius wrote a direct client libwbclient however
>> > their is
>> > no way of specifying the winbind privileged path using that method as
>> > it's
>> > hardcoded during compile time.
>> >
>> > Why does samba hardcode this on all client applications is beyond my
>> > little
>> > knowledge :(
>>
>> The libwbclient library is used in a privileged context (su, via
>> pam_winbind) so we can't safely runtime configure it. If you want a
>> different path, specify it at build time.
>>
>> Andrew Bartlett
>> --
>> Andrew Bartlett
>> https://samba.org/~abartlet/
>> Authentication Developer, Samba Team https://samba.org
>> Samba Development and Support, Catalyst IT
>> https://catalyst.net.nz/services/samba
>>
>>
>>
>>
>>
More information about the samba
mailing list