[Samba] nscd and winbindd

Harry Jede walk2sun at arcor.de
Fri Mar 2 15:02:22 UTC 2018 

Am Freitag, 2. März 2018, 06:44:14 CET schrieb Kraus, Sebastian via 
samba:
> Dear samba folks,
> 
> 
> I have a special question regarding the simultaneous operation of nscd
> and winbindd on the same host:
> 
> 
> 
> We are running in a Samba file server setup where the nsswitch.conf
> looks like this:
> 
> 
> passwd:         files ldap
> group:          files ldap
> shadow:         files ldap
> 
> hosts:          files dns wins
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> 
> 
> Nscd is used to do general name service caching while winbindd is up
> to the task to map SID <-> UID via the tdb backend.
> 
> 
> 
> Usually, you find only information about setups where the
> nsswitch.conf looks something like this:
Hhmm,
my preferred search engine tells me, it has found 296000 documents
search: passwd files ldap

> passwd: files winbind
> shadow: files
> group: files winbind
> 
> [...]
> 
> 
> and a general warning is given that nscd should not operate while
> winbindd is running on the same host.
I believe you misunderstood this warning.
Padl's nscd and/or Arthur de Jong's nslcd works well with windbind. As long 
as you *do not setup both in PAM/NSS configuration* . i.e.

Both are OK. But use only one line
group: files winbind
group: files ldap

Both makes trouble, but maybe it is a solution in special setups
group: files ldap winbind
group: files winbind ldap

> Some sort of inconsistency wrt. to the caching of the name service
> information will result, as I understood.
> 
> Does the same warning/problem also apply to our specific configuration
> setup?
No

But you should know that nscd caches entrys for one hour by default. So, if 
you make changes to an entry i.e. a group, you must wait or manually 
refresh the nscd cache. Could be a pain and/or a risk in some situations. 
Shorten the cache time may also help.
nscd -i groups

How many user and groups has your setup?

> 
> Thanks for your advice.
> 
> 
> 
> 
> Regards
> 
> 
> 
> Sebastian
> 
> 
> 
> 
> Sebastian Kraus
> Team IT am Institut für Chemie
> Gebäude C, Straße des 17. Juni 115, Raum C7
> 
> Technische Universität Berlin
> Fakultät II
> Institut für Chemie
> Sekretariat C3
> Straße des 17. Juni 135
> 10623 Berlin
> 
> 
> Tel.: +49 30 314 22263
> Fax: +49 30 314 29309
> Email: sebastian.kraus at tu-berlin.de


-- 

Gruss
	Harry Jede

More information about the samba mailing list