[Samba] Slow, Incorrect Group Resolution through Winbind

Rowland Penny rpenny at samba.org
Wed Sep 13 17:03:49 UTC 2017

On Wed, 13 Sep 2017 12:55:58 -0400
Sonic <sonicsmith at gmail.com> wrote:

> On Wed, Sep 13, 2017 at 12:49 PM, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > And, yes the smb.conf manpage does say this:
> >
> > These are suitable for use in the default idmap configuration.
> >
> > and refer to tdb,tdb2 and ldap. I wouldn't use any of these on a
> > Unix domain member, because the manpage also says this:
> >
> > these create mappings of their own using internal unixid counters
> > and store the mappings in a database.
> >
> > This means there is no way to ensure that users and groups will get
> > the same ID on different Unix domain members.
> I'm the first to agree that using tdb for the DOMAIN domain is not
> ideal. However, it is not invalid (as far as I can tell from the
> documentation).
> Chris

I am not saying it is invalid, I am just saying you should not use them
for the 'DOMAIN' backend because you have no way to get consistent IDs.


More information about the samba mailing list