[Samba] winbind causing huge timeouts/delays since 4.8
aspannagel at gmx.de
Fri Feb 22 21:40:38 UTC 2019
Am 22.02.19 um 17:02 schrieb Rowland Penny via samba:
> If you do have 'files sss winbind' in /etc/nsswitch.conf' and sssd
> is running, then it is highly likely that even if winbind is running,
> it will not be used. You also shouldn't use winbind on the shadow line
> and you shouldn't run winbind and sssd together, sssd has its own
> version of one of the winbind libs, and this will undoubtedly interfere
> with the Samba one.
On our linux servers ldap should always be used before asking AD via
samba/winbind (as stated in nsswitch.conf). The sssd and samba libs are
separated (we are on unix not windows) so there shouldn't be any
"randomly" usage and if one of them or both have some buggy code maybe
triggered by special config combinations - but really don't want to
point to one or the other just want to solve an issue we hit in our
Anyhow i did some more patch testing and found two more ways to solve
our issues instead of adding the line "return false;":
1. replace the patched line with this one:
so in our setup domain would be set to namespace which is is set to
2. don't use the patch added via Bug 13503 at all
So for me it looks the issue is caused somehwere later in code, when
function parse_domain_user sets namespace to something different than
domain - in our case namespace=lp_netbios_name()='HOSTNAME' and domain=''.
If i would be asked, i would go with solution 1 (patch file attached) to
keep fix for Bug 13503 and assume not breaking it - maybe Mr. Schneider
could take a look if it would still fix the reported Bug.
> Finally, your smb.conf is borked for winbind.
We have different setup on some servers using ldap server as idmap
backend instead using autorid, but those show same issue and so
shouldn't be related at all.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: not available
More information about the samba