[Samba] Is it possible to clone an NT ACL from one file or dir to a totally different file or dir ?

Andrew Bartlett abartlet at samba.org
Fri Apr 6 00:32:02 UTC 2018

On Sat, 2018-03-24 at 20:38 -0400, Ken McDonald via samba wrote:
> > By default, step 4 takes forever to run on large datasets because it 
> > uses named entities. My ultimate plan was to use the numeric 
> > user/group id's in that step instead of named ones so the Winbind cost 
> > is not incurred. Seems for the whole process, the calls to Winbind to 
> > resolve the named entity to it's numeric ID are the reason for the 
> > slowdown. That's why, even when using the normal Windows security tab 
> > or samba-tool, it takes days to update large datasets. I'm exploring 
> > options around that issue.

If this is on the AD DC, then I fixed part of the slowness here a
couple of week ago with 

commit d418d0ca33afb41a793a2fff19ca68871aa5e9ef
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Mar 21 20:43:10 2018 +1300

    winbindd: Add a cache of the samr and lsa handles for the passdb

Otherwise, I'm not sure folks have looked into this terribly much, you
are already working at a pretty low level.

I hope this helps a little.

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba mailing list