[Samba] Winbind and caching - idmap, DC

Ralph Boehme slow at samba.org
Fri Oct 18 19:23:29 UTC 2019


Howdy,

On 10/18/19 7:26 PM, Alexey A Nikitin via samba wrote:
> I have a few questions about Winbind on an AD DS domain member that I'm having difficulty finding answers to in the docs on my own:
> * does Winbind remember the last DC it was connected to on shutdown, will it attempt to connect to the same DC on restart or will it go through DC location process again?

yes:

# net cache list | grep SAF

> * If yes, will that information be wiped out when one runs 'net cache flush'?

yes.

> * If yes, is 'net cache flush' necessary when changing idmap configuration? It seems even after winbind restart querying user info still returns old UID, before the idmap config change :-/

yes. idmapping stuff is stored in gencache which is persistent and is
not cleared when winbindd is restarted.

> * If yes, can the cache be wiped out selectively, only the idmap cache without the last DC cache (assuming the answer to first question is yes)?

There's no tool to do that currently, but it would be trivial to write one.

> * If no, can 'net cache flush' be done while Winbind is running,

yes.

> will it achieve the desired effect with regards to SID-UID id mapping change without losing connection to a particular DC?

You won't lose connectivity anyway. winbindd will just have to go
through DC lookup again in certain scenarios.

-slow

-- 
Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46
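
A sketch of the selective flush discussed above, as an added example (not part of the original message and not Samba project code). It assumes idmap entries in gencache use keys beginning with `IDMAP/` and that `net cache list` prints each entry as `Key: <key>` followed by whitespace; check both against your own `net cache list` output. The sample lines are constructed.

```shell
#!/bin/sh
# Added example: drop only idmap entries from gencache, leaving SAF
# (last-DC) entries in place.
# Assumptions: idmap keys start with "IDMAP/", and every line of
# `net cache list` starts with "Key: <key>" followed by whitespace.

# Constructed sample in the assumed `net cache list` layout (not real data).
sample_cache_list() {
    printf 'Key: SAF/DOMAIN/EXAMPLE\t Timeout: Sat Oct 19 19:00:00 2019\t Value: dc1.example.com\n'
    printf 'Key: IDMAP/SID2XID/S-1-5-21-1111111111-2222222222-3333333333-1105\t Timeout: Fri Oct 25 19:00:00 2019\t Value: 11105:U\n'
    printf 'Key: IDMAP/UID2SID/11105\t Timeout: Fri Oct 25 19:00:00 2019\t Value: S-1-5-21-1111111111-2222222222-3333333333-1105\n'
    printf 'Key: NAME2SID/EXAMPLE\\ALICE\t Timeout: Fri Oct 18 19:30:00 2019\t Value: (binary)\n'
}

# Read `net cache list` output on stdin and print only the idmap keys.
idmap_keys() {
    sed -n 's|^Key: \(IDMAP/[^[:space:]]*\)[[:space:]].*$|\1|p'
}

# Dry run by default: print the delete commands instead of running them.
# With APPLY=1 each key is removed with `net cache del`.
flush_idmap() {
    idmap_keys | while IFS= read -r key; do
        if [ "${APPLY:-0}" = 1 ]; then
            net cache del "$key"
        else
            printf 'net cache del %s\n' "$key"
        fi
    done
}

# Stand-alone run: show what would be deleted for the constructed sample.
sample_cache_list | flush_idmap

# On a domain member (as root):
#   net cache list | flush_idmap            # review the keys first
#   net cache list | APPLY=1 flush_idmap    # delete idmap entries only
```

Running `net cache list | grep SAF` before and after confirms the last-DC entry was left untouched.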
