[Samba] winbind causing huge timeouts/delays since 4.8
rpenny at samba.org
Sun Feb 24 11:46:42 UTC 2019
On Sun, 24 Feb 2019 12:20:43 +0100
Ralph Böhme <slow at samba.org> wrote:
> > Am 24.02.2019 um 12:14 schrieb Volker Lendecke via samba
> > <samba at lists.samba.org>:
> > On Sun, Feb 24, 2019 at 08:16:55AM +0000, Rowland Penny via samba
> > wrote:
> >> Well yes, it could be used for the default domain, but what about
> >> the 'DOMAIN' domain ?
> >> From my understanding, the default range is meant for the Well
> >> Known SIDs and anything outside the given domains and there are
> >> less than two hundred Well known SIDs.
> >> To be honest, I have never really seen the point to autorid, it
> >> just seems to be the 'rid' backend with a way to set the range
> >> size.
> >> I will stick to recommending using 'tdb' for the '*' domain and
> >> 'ad' or 'rid' for any other domains.
> > Autorid is made to combine the efficiency of rid with the ease of
> > configuration of tdb. tdb generates a lot of entries in its
> > database, autorid is very small. For me, if we could, we would make
> > autorid the default these days. But this would break too many
> > existing tdb default setups. Of course, wherever people have SFU
> > maintained in AD, that is clearly preferrable. For everybody else,
> > I think autorid is just a great idea. But that's mostly me :-)
> me too. And is we've just seen idmap_ad has its issues in large
Seen where ? and how ?
The only real problem that I see is that, from a Samba point of view,
you have to store the next available uidNumber or gidNumber outside of
AD e.g. scribbled on a piece of paper.
More information about the samba