[Samba] Winbind, cached logons and 'user persistency'...
L.P.H. van Belle
belle at bazuin.nl
Fri Jan 18 10:37:59 UTC 2019
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Friday 18 January 2019 11:00
> To: samba at lists.samba.org
> Subject: Re: [Samba] Winbind, cached logons and 'user
> persistency'...
>
> On Fri, 18 Jan 2019 10:41:10 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Hai Marco,
> >
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > > Marco Gaiarin via samba
> > > Sent: Friday 18 January 2019 10:03
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] Winbind, cached logons and 'user
> > > persistency'...
> > >
> > > Mandi! L.P.H. van Belle via samba
> > > In chel di` si favelave...
> > >
> > > > Maybe the winbind cache time is set too low for this.
> > >
> > > OK. But this still looks strange/dangerous to me. Two 'open points':
> > >
> > > 1) it seems to me that there are many 'cache time' parameters:
> > >
> > > + idmap cache time, default 604800 (one week); seems related only
> > > to SID<->GID/UID queries, so unrelated here.
> > >
> > > + winbind cache time, default 300 (5 minutes); this seems to be the
> > > parameter I need to tackle.
> > >
> > > but... HOW does that cache work? Is there a 'negative' timeout also? Or
> > > does it simply cache data and use cached data if all DCs are not available?
> > Poe, this I don't know, I don't know all the code...
> > Rowland, you know this?
> >
>
> No, I have never had to mess with this, but 'man smb.conf' says this:
>
> This parameter specifies the number of seconds the winbindd(8)
> daemon will cache user and group information before querying a
> Windows NT server again.
>
> It looks like you reduce the time to make the cache refresh more often
> and increase it to make the cache last longer, I would presume setting
> it to '0' would make winbind query the server without using the cache,
> but this is just a guess.
>
> Rowland
>
> --
Maybe https://wiki.debian.org/LDAP/NSS is a better solution for the mailserver.
But personally, the mail server should have replied with a better NDR.
Like: 4.4.1 The recipient’s server is not responding, so something like that.
If it was my server, I would fix the mail setup, not samba.
I just can't tell much about exim, I prefer postfix.
But this link might help, it shows a lot; maybe it helps with reviewing the setup and adding improvements.
https://bitlair.nl/Projects/Mailserver_with_Debian,_Exim,_spamassassin,_greylistd,_DKIM,_SRS,_SPF,_DMARC,_forwarding,_LDAP,_dovecot,_LMTP,_disk_crypto
I've about the same but in a postfix setup.
Greetz,
Louis