[Samba] IDMAP Cache
Meike Stone
meike.stone at googlemail.com
Mon Jun 25 08:34:03 UTC 2018
Hello dear list,
can someone help me?
The manual page clearly states:
"The idmap backend provides a plugin interface for *Winbind* to use
varying backends to store SID/uid/gid mapping tables." and
"ID mapping in Samba is the mapping between Windows SIDs and Unix user
and group IDs. This is performed by *Winbindd* with a configurable
plugin interface."
So that's the reason why I said "No winbind is running" (on my server).
So that can explain why Samba 3 is asking the LDAP server often, but
why is Samba 4 using the cache without winbind?
my configuration (testparm -v -s | grep idmap):
ldap idmap suffix =
idmap backend = tdb
idmap cache time = 604800
idmap negative cache time = 120
idmap uid =
idmap gid =
idmap config * : backend = tdb
Thanks in advance
Meike
2018-06-22 13:40 GMT+02:00 Meike Stone <meike.stone at googlemail.com>:
> Hello dear list,
>
> I have a Samba 3 server running (under SLES11) connected to an
> LDAP server and it is running well.
> But now I would like to migrate to Samba 4 and I've made a few tests before.
>
> The whole time with Samba 3, I was surprised about the many LDAP requests, so
> that I thought about an additional local OpenLDAP proxy cache.
>
> But now with Samba 4 (with the same configuration as Samba 3,
> SLES12) the IDMAP requests are cached in a local tdb (gencache.tdb).
>
> I can check the local cache with "net cache list". While the list on Samba 3 is
> empty, with Samba 4 there are a lot of IDMAP entries.
>
> No winbind is running.
>
> My questions:
> - Is this cache configurable (TTL, ...)? I've found nothing.
> - Do the cache configuration and functional principle
> differ between Samba 3 and 4?
> - How to debug this?
> - Why is only the cache under Samba 4 working?
>
>
> Thanks Meike
> ===============================================
> my configuration (same for Samba 3 and 4):
>
> [global]
> workgroup = Samba
> map to guest = Bad User
> security = user
> server string = Server1
> max protocol = SMB2
> deadtime = 600
>
> load printers = no
> printcap name = /dev/null
> disable spoolss = yes
>
> ldap admin dn = uid=sambauser,o=some,c=domain
> passdb backend = ldapsam:"ldap://ldap01.some.domain"
>
> ldap suffix = cn=samba,o=some,c=domain
> ldap user suffix = cn=accounts
> ldap group suffix = cn=groups
> ldap passwd sync = No
>
> log level = 255
> syslog = 0
>
> [share1]
> path = /daten/share1
> comment = share1
> writeable = yes
> browseable = no
> nt acl support = no
> inherit permissions = yes
> store dos attributes = yes
> csc policy = disable