[Samba] winbind causing huge timeouts/delays since 4.8

Rowland Penny rpenny at samba.org
Sun Feb 24 08:16:55 UTC 2019


On Sat, 23 Feb 2019 22:45:04 +0100
Ralph Böhme <slow at samba.org> wrote:

> 
> > On 23.02.2019 at 22:23, Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> >>>>> He also has these:
> >>>>> 
> >>>>> idmap config * : rangesize = 1000000
> >>>>> idmap config * : range = 1000000-19999999
> >>>>> idmap config * : backend = autorid
> >>>>> 
> >>>>> The '*' domain is meant for the Well Known SIDs and anything
> >>>>> outside the Samba domain. I would have expected something like
> >>>>> this:
> >>>>> 
> >>>>> idmap config * : backend = tdb
> >>>>> idmap config * : range = 3000-7999
> >>>>> idmap config OPS : backend = rid
> >>>>> idmap config OPS : range = 10000-999999
> >>>> 
> >>>> That should also be fixed.
> >>>> 
> >>>> 
> >> We use this as we have a multi-domain setup on windows side and
> >> this is a suggested setup from wiki.samba.org:
> >> https://wiki.samba.org/index.php/Idmap_config_autorid
> > 
> > Cannot argue with that fact, it is there, but it also says it is
> > meant to be used with the 'DOMAIN' domain not the '*' domain, looks
> > like I will have to make that more prominent.
> 
> idmap_autorid can be used as default domain, Alexander's idmap config
> is perfectly fine.
> 
> -slow

Well yes, it could be used for the default domain, but what about the
'DOMAIN' domain?

From my understanding, the default range is meant for the Well Known
SIDs and anything outside the given domains, and there are fewer than two
hundred Well Known SIDs.

To be honest, I have never really seen the point of autorid; it just
seems to be the 'rid' backend with a way to set the range size.

I will stick to recommending using 'tdb' for the '*' domain and 'ad'
or 'rid' for any other domains.

Rowland
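
Added example, not part of the original message or of Samba's own code: a small checker that parses the two idmap layouts quoted in this thread, reports overlapping ID ranges, counts how many rangesize-sized slices fit in the autorid range, and applies the idmap_rid formula (ID = RID - BASE_RID + LOW_RANGE_ID). The function names and the sample RID values are assumptions made for illustration.

```python
import re
from itertools import combinations

# Constructed inputs: the two idmap layouts quoted in the thread.
AUTORID_CONF = """\
idmap config * : rangesize = 1000000
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
"""
TDB_RID_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OPS : backend = rid
idmap config OPS : range = 10000-999999
"""
LINE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def id_range(opts):
    low, high = (int(x) for x in opts["range"].split("-"))
    return low, high

def overlaps(domains):
    """Domain pairs whose ID ranges intersect, so two SIDs could get one ID."""
    ranged = [(d, id_range(o)) for d, o in domains.items() if "range" in o]
    return [(a, b) for (a, ra), (b, rb) in combinations(ranged, 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def autorid_slots(opts):
    """How many rangesize-sized slices fit in an autorid range."""
    low, high = id_range(opts)
    return (high - low + 1) // int(opts["rangesize"])

def rid_to_id(opts, rid, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID; None if past the range."""
    low, high = id_range(opts)
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

if __name__ == "__main__":
    print(autorid_slots(parse_idmap(AUTORID_CONF)["*"]))
    print(overlaps(parse_idmap(TDB_RID_CONF)))
```

Running the overlap check after every smb.conf change catches the case where a new domain range is widened into the '*' range.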
 


