[Samba] winbind causing huge timeouts/delays since 4.8

Rowland Penny rpenny at samba.org
Mon Feb 25 18:37:58 UTC 2019 

On Mon, 25 Feb 2019 19:26:26 +0100
Ralph Böhme <slow at samba.org> wrote:

> 
> On Sun, Feb 24, 2019 at 06:53:04PM +0000, Rowland Penny via samba
> wrote:
> >On Sun, 24 Feb 2019 19:25:14 +0100 >Ralph Böhme <slow at samba.org>
> >wrote:
> >> Am 24.02.2019 um 18:48 schrieb Rowland Penny via samba
> >> <samba at lists.samba.org>:
> >> >> I'm not really what "there" implies for you, but it seems
> >> >> idmap_autorid is eventually the backend that takes you
> >> >> "there". :)
> >> >
> >> > No it doesn't, at the moment, the only way to get the same ID on
> >> > all Unix machines (this includes DC's) is to use the 'ad'
> >> > backend.
> >>
> >> Sure. But only certain use cases require the same id on all
> >> machines, many don't. I'm just saying that you should better not
> >> use idmap_ad, but instead use eg idmap_autorid unless you're setup
> >> requires idmap_ad.
> >
> >I am not saying don't use autorid, I am saying that I will not use
> >it, I just do not see the point to it, the 'ad' and rid' backends
> >work for most users.
> 
> As said, idmap_ad is broken by design, so eg it also doesn't work
> with trusts. Most users should use idmap_autorid.
> 
> >> > You think autorid is the way forward, well sorry, but in my
> >> > opinion, it isn't.
> >>
> >> Rowland, this is not about *the* way forward, this is about using
> >> the right backend at the right time.
> >
> >No Ralph, it is about *the* way forward, Samba needs to get to the
> >point that it works exactly like Windows (or better), Samba has to
> >outdo Windows.
> 
> that's what I'm saying, to behave like Windows you have to stop using 
> idmap_ad. :)
> 
> -slow
> 

And idmap_autorid is broken by design, it only gets you the ID's,
nothing else.
I personally think that what is required is something like a cross
between the 'ad' backend and everything else.
The 'ad' backend to set homedirs, login shells etc and everything else
to set the ID's from the RID, the domain could be identified from the
SID.

Rowland

More information about the samba mailing list