[Samba] Is it possible to clone an NT ACL from one file or dir to a totally different file or dir ?
Andrew Bartlett
abartlet at samba.org
Fri Apr 6 00:32:02 UTC 2018
On Sat, 2018-03-24 at 20:38 -0400, Ken McDonald via samba wrote:
>
> > By default, step 4 takes forever to run on large datasets because it
> > uses named entities. My ultimate plan was to use the numeric
> > user/group id's in that step instead of named ones so the Winbind cost
> > is not incurred. Seems for the whole process, the calls to Winbind to
> > resolve the named entity to it's numeric ID are the reason for the
> > slowdown. That's why, even when using the normal Windows security tab
> > or samba-tool, it takes days to update large datasets. I'm exploring
> > options around that issue.
If this is on the AD DC, then I fixed part of the slowness here a
couple of week ago with
commit d418d0ca33afb41a793a2fff19ca68871aa5e9ef
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 21 20:43:10 2018 +1300
winbindd: Add a cache of the samr and lsa handles for the passdb
domain
Otherwise, I'm not sure folks have looked into this terribly much, you
are already working at a pretty low level.
I hope this helps a little.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list