[Samba] "wbinfo -u" considered harmful towards Winbindd...
Rowland Penny
rpenny at samba.org
Sun Dec 9 20:06:14 UTC 2018
On Sun, 9 Dec 2018 20:20:00 +0100
Peter Eriksson via samba <samba at lists.samba.org> wrote:
> Our setup:
> Windows AD realm with ~115K users (and numerous groups etc)
> FreeBSD servers with Samba 4.7.6 and Samba 4.9.3 (both show the same
> growth)
>
> We just noticed that one of the ‘winbindd’ daemons on the servers
> seems to be growing and growing forever. A bit of detective work
> pointed us at the “wbinfo -u” command being that culprit. As part of
> a systems monitoring script we ran that once a minute (now disabled)
> in order to see if all AD users were detected, but somehow that seems
> to fail sometime and also cause the Winbindd daemon to grow around
> 455MB per hour… the memory used is not a huge problem on the
> production servers (they have 256GB RAM) so we didn’t notice this at
> first (since we restart smbd&winbindd every morning at 7am) - but an
> old test server with much less RAM ran out of memory around
> 4:30am… :-)
>
> smb.conf stuff related to Winbindd:
>
> > ; Security type
> > security = ADS
> > realm = AD.LIU.SE
> > workgroup = AD
> >
> > ;; ID Mappings
> > idmap config * : backend = tdb
> > idmap config * : range = 2000000001-2100000000
Interesting range size, do you really need 99,999,999 users or groups
for something where 999 is too large ?
> > idmap config AD : backend = ad
> > idmap config AD : range = 1-2000000000
> > idmap config AD : schema_mode = rfc2307
> > idmap config AD : unix_primary_group = yes
Do your users and groups have uidNumber & gidNumber attributes ?
Why have you started at 1 ?
>
>
> > winbind nested groups = false
It would be better if you turned the above on.
Rowland
More information about the samba
mailing list