[Samba] winbind causing huge timeouts/delays since 4.8

Alexander Spannagel aspannagel at gmx.de
Fri Feb 22 23:01:30 UTC 2019

Am 22.02.19 um 23:02 schrieb Rowland Penny via samba:
> So, you are trying to use 4 different methods of authentication on the
> same Samba server, Unix, sssd, winbind and ldap, and you expect this to
> work ?
No. we use max. 3 auth providers: (1. and 2. on all unix servers)
1. unix (local passwd)
    for static OS/service accounts across all our env
2. sssd (with unix ldap servers as provider)
    unix experienced user and application related service accounts
3. samba/winbind
    for windows users/services needing access to a group of unix servers

All that worked fine in coexistence since years and just stopped working 
smoothly with update to samba-4.8 and can be fixed with provided patches 
that fixes patch from Bug#13503 from mid of 2018.
Initial also provided config changes to fix the issues, but they are 
only workarounds.

> I repeat, from a Samba point of view, your smb.conf is borked, see here
> for more info:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Will take a look, but not certain what configuration options you want 
point me too.

> You do not need winbind and sssd on the same Samba server, they do the
> same thing, pick one and delete the other.
They don't - as stated above we use sssd for query/caching entries from 
our ldap directory server and not Windows DomainConmtrollers - also this 
is possible, but makes more trouble and don't provide what samba's 
smb/windbind does.

> Your borked smb.conf is trying to be a Unix domain member, you do not
> use ldap in smb.conf
Samba authenticate and caching AD accounts is working as expected and 
without issues.

> If your smb.conf is set up correctly, your active directory users will
> become Unix users as well.
Indeed it works just fine.

> You can if you so wish, go to git-lab and creating a fork and make your
> changes there, see here for more info:
> https://wiki.samba.org/index.php/Using_Git_for_Samba_Development
> Rowland
Thanks for point me there, will take a look.


More information about the samba mailing list