[Samba] Winbind, cached logons and 'user persistency'...

L.P.H. van Belle belle at bazuin.nl
Fri Jan 18 10:37:59 UTC 2019 


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: vrijdag 18 januari 2019 11:00
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Winbind, cached logons and 'user 
> persistency'...
> 
> On Fri, 18 Jan 2019 10:41:10 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> 
> > Hai Marco,  
> > 
> > > -----Oorspronkelijk bericht-----
> > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > > Marco Gaiarin via samba
> > > Verzonden: vrijdag 18 januari 2019 10:03
> > > Aan: samba at lists.samba.org
> > > Onderwerp: Re: [Samba] Winbind, cached logons and 'user 
> > > persistency'...
> > > 
> > > Mandi! L.P.H. van Belle via samba
> > >   In chel di` si favelave...
> > > 
> > > > Maybe the winbind cache time is set to low for this. 
> > > 
> > > OK. But this look still strange/dangerous to me. Two 'open point':
> > > 
> > > 1) seems to me that there's many 'cache time' parameters:
> > > 
> > >   + idmap cache time, default 604800 (one week); seems 
> related only
> > > to SID<->GID/UID query, so unrelated here.
> > > 
> > >   + winbind cache time, default 300 (5 minutes); this seems the
> > >     parameter i need to tackle with.
> > > 
> > > but... HOW work that cache? There's a 'negative' timeout also? Or
> > > simply cache data and use cached data if all DC are not available?
> > Poe, this i dont know, i dont know all code... 
> > Rowland, you know this? 
> > 
> 
> No, I have never had to mess with this, but 'man smb.conf' says this:
> 
>            This parameter specifies the number of seconds the 
> winbindd(8)
>            daemon will cache user and group information 
> before querying a
>            Windows NT server again.
> 
> It looks like you reduce the time to make the cache refresh more often
> and increase it to make the cache last longer, I would presume setting
> it to '0' would make winbind query the server without using the cache,
> but this is just a guess.
> 
> Rowland
> 
> -- 

Maybe https://wiki.debian.org/LDAP/NSS  is a better solution for the mailserver. 

But personaly, the mail server should have replied with a better NDR. 
Like : 4.4.1 The recipient’s server is not responding, so something like that. 

If it was my server, i would fix the mail setup not samba. 
I just cant tell much about exim, i prefer postfix. 

But this like might help, it shows a lot, maybe it helps reviewing the setup and add improvements. 
https://bitlair.nl/Projects/Mailserver_with_Debian,_Exim,_spamassassin,_greylistd,_DKIM,_SRS,_SPF,_DMARC,_forwarding,_LDAP,_dovecot,_LMTP,_disk_crypto 
I've about the same but in a postfix setup. 


Greetz, 

Louis

More information about the samba mailing list