[Samba] Advice on Winbindd and NTLM Auth Performance

Arnab Roy arniekol at gmail.com
Tue Sep 5 15:30:34 UTC 2017 

Hi ,

I have not yet received the reason why libwbclient doesn't honour the paths
mentioned in the smb.conf file.

This is making my current deployment scenario unusable.

Can some one look at the source and post some comments on this ?

Many Thanks
Arnab

On 4 Sep 2017 9:34 pm, "Arnab Roy" <arniekol at gmail.com> wrote:

> Anyone on how to get libwbclient some kind of runtime parameter from smb
> conf?
>
>
> On 3 Sep 2017 23:22, "Arnab Roy" <arniekol at gmail.com> wrote:
>
>>
>>
>> Wouldn't it be nice if the end user had a choice . Why would it be unsafe
>> considering all the info is in smb.conf and it just needs to read like all
>> other samba processes like smbd or nmbd?
>>
>> The problem I have got here is that my radius needs to talk to multiple
>> disjoint ad domains hence runs multiple winbind instances.
>>
>> Any chance you can point me to the code where the socket lookup happens
>> in libwbclient? May be i just need to create a local patch.
>>
>> Thanks for your input thus far.
>>
>> Arnab
>>
>> On 3 Sep 2017 11:06 pm, "Andrew Bartlett" <abartlet at samba.org> wrote:
>>
>>> On Sun, 2017-09-03 at 22:34 +0100, Arnab Roy via samba wrote:
>>> > Hi Rowland,
>>> >
>>> > The only thing I'm using is winbindd the smbd and nmbd daemons are
>>> > disabled.
>>> >
>>> > However I have now found the bottleneck is because freeradius is
>>> > calling
>>> > the ntlm_auth binary and effectively forking out.
>>> >
>>> > The guys at freeradius wrote a direct client libwbclient however
>>> > their is
>>> > no way of specifying the winbind privileged path using that method as
>>> > it's
>>> > hardcoded during compile time.
>>> >
>>> > Why does samba hardcode this on all client applications is beyond my
>>> > little
>>> > knowledge :(
>>>
>>> The libwbclient library is used in a privileged context (su, via
>>> pam_winbind) so we can't safely runtime configure it.  If you want a
>>> different path, specify it at build time.
>>>
>>> Andrew Bartlett
>>> --
>>> Andrew Bartlett
>>> https://samba.org/~abartlet/
>>> Authentication Developer, Samba Team         https://samba.org
>>> Samba Development and Support, Catalyst IT
>>> https://catalyst.net.nz/services/samba
>>>
>>>
>>>
>>>
>>>

More information about the samba mailing list