[Samba] Winbind, cached logons and 'user persistency'...

L.P.H. van Belle belle at bazuin.nl
Fri Jan 18 09:41:10 UTC 2019 

Hai Marco,  

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Gaiarin via samba
> Verzonden: vrijdag 18 januari 2019 10:03
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Winbind, cached logons and 'user 
> persistency'...
> 
> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> 
> > Maybe the winbind cache time is set to low for this. 
> 
> OK. But this look still strange/dangerous to me. Two 'open point':
> 
> 1) seems to me that there's many 'cache time' parameters:
> 
>   + idmap cache time, default 604800 (one week); seems related only to
>     SID<->GID/UID query, so unrelated here.
> 
>   + winbind cache time, default 300 (5 minutes); this seems the
>     parameter i need to tackle with.
> 
> but... HOW work that cache? There's a 'negative' timeout also? Or
> simply cache data and use cached data if all DC are not available?
Poe, this i dont know, i dont know all code... 
Rowland, you know this? 

> 
> 
> 2) in my network i've 7 DCs. Tearing down the main switch i've surely
>  disconnected all the remote DCs. But still i've two local one, one of
> that in the same phisical proxmox server of the DM member that lost
> cache. So could be reachable!!
Does proxmod allow routing internaly? This i dont know. 
Simple test, pull the cable out of the proxmod host server, ping these 2 vm servers within proxmod.
Can you test this? 

> 
> I suppose that a DM will try to contact *all* DCs (at first 
> glance, the same-site-dc; after all available DCs), right?
> 
> There's some things i can do to make sure DCs are alive and kicking?
Can you show the output of : dig your.domain.tld 

> 
> 
> Ah, DM are 4.8.8+nmu-1~deb9, your packages.
Ah, good to see your are 4.8.8 now :-) 

> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
> 		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> 	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list