[Samba] Winbind, cached logons and 'user persistency'...

Rowland Penny rpenny at samba.org
Fri Jan 18 09:59:30 UTC 2019


On Fri, 18 Jan 2019 10:41:10 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hai Marco,  
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > Marco Gaiarin via samba
> > Verzonden: vrijdag 18 januari 2019 10:03
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Winbind, cached logons and 'user 
> > persistency'...
> > 
> > Mandi! L.P.H. van Belle via samba
> >   In chel di` si favelave...
> > 
> > > Maybe the winbind cache time is set to low for this. 
> > 
> > OK. But this look still strange/dangerous to me. Two 'open point':
> > 
> > 1) seems to me that there's many 'cache time' parameters:
> > 
> >   + idmap cache time, default 604800 (one week); seems related only
> > to SID<->GID/UID query, so unrelated here.
> > 
> >   + winbind cache time, default 300 (5 minutes); this seems the
> >     parameter i need to tackle with.
> > 
> > but... HOW work that cache? There's a 'negative' timeout also? Or
> > simply cache data and use cached data if all DC are not available?
> Poe, this i dont know, i dont know all code... 
> Rowland, you know this? 
> 

No, I have never had to mess with this, but 'man smb.conf' says this:

           This parameter specifies the number of seconds the winbindd(8)
           daemon will cache user and group information before querying a
           Windows NT server again.

It looks like you reduce the time to make the cache refresh more often
and increase it to make the cache last longer, I would presume setting
it to '0' would make winbind query the server without using the cache,
but this is just a guess.

Rowland



More information about the samba mailing list