[Samba] Samba slow AD authentication eventually succeed
Rowland penny
rpenny at samba.org
Mon Mar 2 09:27:07 UTC 2020
On 02/03/2020 08:08, Andrea Cucciarre' via samba wrote:
> Hello,
>
> I have a customer that complains about slow AD authentication when
> accessing the share, eventually succeed (Samba is a DC memer)
You have a couple of things that could slow things down:
winbind enum groups = yes
winbind enum users = yes
and
winbind expand groups = 4
You also have default lines and lines that will do nothing on Unix
domain member using the 'rid' backend, try this smb.conf:
[global]
netbios name = H002N7
workgroup = PFIN
realm = PFIN.ch
security = ads
server string = Data %h
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
client ldap sasl wrapping = plain
host msdfs = no
idmap config * : backend = tdb
idmap config * : range = 30000-40000
idmap config PFIN : backend = rid
idmap config PFIN : range = 1000000-3000000
idmap config POST : backend = rid
idmap config POST : range = 3000001-5000000
load printers = no
disable spoolss = yes
local master = no
preferred master = no
log file = /opt/samba/log/%m.log
log level = 3
vfs objects = zfsacl
map acl inherit = Yes
store dos attributes = Yes
winbind refresh tickets = Yes
[hyperfile_test$]
hf:volume = t_hyperfile_01
nfs4: acedup = merge
nfs4: mode = special
path = /t_hyperfile_01
read only = no
vfs objects = hf_vss hf_offline zfsacl
Rowland
More information about the samba
mailing list