[Samba] samba as a domain member: a way to ignore groups?
Michael Tokarev
mjt at tls.msk.ru
Fri Apr 5 14:23:09 UTC 2024
05.04.2024 17:07, Rowland Penny via samba :
> On Fri, 5 Apr 2024 16:43:42 +0300
>> Now I see samba is doing large amount of setgroups() calls with huge
>> amount of groups each time (100+) - based on the domain groups each
>> user belongs to. This, and in-kernel group matching code, has become
>> quite noticeable in the performance stats, - samba and kernel are
>> doing lots of work in this context instead of doing real work.
>>
>> What is the way to ignore all the domain groups of all domain users?
>>
>> Will the whole thing work if I'll remove `winbind' from
>> nsswitch.conf:group line?
> Have you set 'winbind expand groups' to anything but its default '0' ?
> Setting it to a large number could give you the problem you are having.
Nope I did not change it from its default "0".
Here's the whole thing:
[global]
netbios name = ekis-files
realm = XXX
workgroup = XXX
server role = member server
# default (misc, aux) range
idmap config * : range = 3000-3999
idmap config * : backend = tdb
idmap config RGSMAIN : range = 1000000-1999999
idmap config RGSMAIN : backend = rid
# log file = /var/log/samba/log.%m
max log size = 1000
logging = file
debug pid = yes
log level = 1
hostname lookups = yes
name resolve order = host
deadtime = 10 ; minutes
acl allow execute always = true
map archive = no
nt acl support = no
store dos attributes = no
durable handles = no
usershare max shares = 0
load printers = no
disable netbios = yes
[files]
comment = EKIS RDS
path = /share/files
msdfs root = yes
More information about the samba
mailing list