[Samba] samba as a domain member: a way to ignore groups?

Michael Tokarev mjt at tls.msk.ru
Fri Apr 5 13:43:42 UTC 2024


Hi!

We had a stand-alone anonymous samba server serving a read-only share
as a guest account.  It worked well but had a few strange issues (like
lots of noise in logs about bad smb2 signature).

It's been suggested to switch to a domain member server.  I didn't see
the point since we don't need different user IDs and security model,
but okay, I joined a new server to a domain.

Now I see samba is doing a large number of setgroups() calls with a huge
number of groups each time (100+) - based on the domain groups each
user belongs to.  This, and in-kernel group matching code, has become
quite noticeable in the performance stats - samba and kernel are doing
lots of work in this context instead of doing real work.

What is the way to ignore all the domain groups of all domain users?

Will the whole thing work if I remove `winbind' from the nsswitch.conf:group
line?

Thanks,

/mjt


