[Samba] winbind causing huge timeouts/delays since 4.8

[Ralph Böhme]

Hi,

On Fri, Feb 22, 2019 at 01:59:15PM +0100, Alexander Spannagel via samba wrote:
>I want to share some findings with the community about hugh 
>timeouts/delays since upgraded to samba 4.8 end of last year and a 
>patch fixing this in our setup. It would be great if someone from 
>samba dev team could take a look and if acceptable apply the patch to 
>the common code base. It may also affect current stable and release 
>candidates.
>The patch expects the patch from BUG 13503 "getpwnam resolves local 
>system accounts to AD" being already applied.
>
>Within the company i'm working for, we see frequently system 
>hangs/slowness for a couple of seconds on servers using winbind 
>passwd/group resolution via nsswitch.conf since we updated our OS from 
>CentOS7.5 to CentOS7.6 which includes a samba update from 4.7 to 4.8.
>
>We could track it down to winbind and when it is asked for an unknown 
>local user account. This means that the users account in question is 
>not in local passwd and doesn't contain any domain like 
>SOMEDOMAIN\account or account at SOMEDOMAIN. The expected behavior is an 
>immediately return with an error like "no such user" or "unknown 
>user", but instead a call like "id unknown" takes 60+ seconds. 

hm, can't reproduce:

slow at titan:~/git/samba/scratch$ git describe 
samba-4.8.3

slow at titan:~/git/samba/scratch$ sudo bin/net cache flush

slow at titan:~/git/samba/scratch$ time bin/wbinfo -i foo
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user foo

real    0m0.025s
user    0m0.004s
sys     0m0.004s

Can you share your full smb.conf?

-slow

-- 
Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46