[Samba] winbind causing huge timeouts/delays since 4.8

Rowland Penny rpenny at samba.org
Sun Feb 24 15:42:07 UTC 2019


On Sun, 24 Feb 2019 15:58:39 +0100
Ralph Böhme <slow at samba.org> wrote:

> On 24.02.2019 at 12:46, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Seen where ? and how ?
> 
> one problem is that, by design, as a domain member, it makes us
> behave differently compared to a Windows system. Hic sunt dracones.

Why not just say 'here be dragons' instead of using a dead language.

Yes, we do behave a bit differently from Windows, even more so when we do
stupid things like introducing 'unix_primary_group = yes'.

> 
> Another thing that a customer has just been bitten by, was a subtle
> bug in winbindd's idmap cache that resulted in all xid2sid requests
> going through the idmap backend, iow winbindd issued LDAP requests.
> With a few thousand users, things came to a grinding halt.
> 
> https://bugzilla.samba.org/show_bug.cgi?id=13802
> 
> Patch just landed upstream.
> 
> -slow

That is the bug I was referring to and probably (amongst all the other
cruft) what was causing the OP's problem. However, this has nothing to
do with using the 'ad' backend with Active Directory. We keep dancing
around this problem, saying things like 'we need to fix this', we
have been saying this since Samba 4 was released.

Windows uses the SID-RID to identify the user and the domain it
comes from, surely we can find a way to do this for Samba, we are
halfway there with the 'rid' backend.

Rowland
   
 


