Alan Munter
2005-Feb-08 18:46 UTC
[Samba] Samba 3, member of ADS, new trust between small ADS and large one
We have been running a few Linux machines (FC2) as members of our Win2k3 Active Directory domain. They were all humming along fine using winbind for logins and ldap on a local server for the SID->UID/GID mappings. Things seem to have changed, however, when a one-way trust was set up between our small AD domain and a much larger one. The trust was set up to allow members of the larger domain to sit down at our computers and log in; however, it seems that now winbind or ldap or both are choking on the ~3500 new people.

From a Samba Linux member of the domain:

wbinfo -t
    works
wbinfo -u
    works most of the time, but is sometimes slow at getting started and fast at printing all 3500 names once it starts
wbinfo -g
    same as wbinfo -u
getent password
    frequently hangs after listing the local /etc/password contents, and when it does go on it seems to get incrementally further in the list of 3500 people before it finally times out each time I run it
getent group
    works with many fewer entries

So my question is, what is going on and what can I do to help the situation? I actually would like to just deny the logins from the larger domain from logging in to the Samba ADS domain computers, but perhaps this is not possible with the trust set up between the Win2k3 domains. Is the bottleneck our ldap server, or is there some artificially configured maximum result size coming from a basically default install of openldap?

Thanks in advance for any help.

Alan
Gerald (Jerry) Carter
2005-Feb-08 19:30 UTC
[Samba] Samba 3, member of ADS, new trust between small ADS and large one
Alan Munter wrote:
| So my question is, what is going on and what can I do
| to help the situation? I actually would like to just deny the
| logins from the larger domain from logging in to the Samba
| ADS domain computers,

'allow trusted domains = no'

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
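
The setting from the reply above, as an added example that is not part of the original thread: a small Python check that reads an smb.conf and reports the effective value of 'allow trusted domains' in [global], treating an absent line as Samba's default of yes. The workgroup and realm names in the sample configuration are constructed, and the function names are this example's own.

```python
import re

TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}

# Constructed sample: an ADS member server that never mentions the parameter.
BEFORE = """\
[global]
   workgroup = SMALLDOM
   realm = SMALLDOM.EXAMPLE.COM
   security = ads
"""
# Same file with the line from the reply added (names are case-insensitive).
AFTER = BEFORE + "   Allow Trusted Domains = No\n"


def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def global_params(text):
    """Return {normalized name: value} for the [global] section only."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # trailing backslash continues
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()  # a later assignment wins
    return params


def trusted_domains_allowed(text):
    """Effective 'allow trusted domains'; Samba defaults to yes when unset."""
    value = global_params(text).get("allowtrusteddomains", "yes").lower()
    if value in FALSE:
        return False
    if value in TRUE:
        return True
    raise ValueError(f"not a boolean: {value!r}")


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, "-> trusted domain logons allowed:", trusted_domains_allowed(conf))
```

A member server whose smb.conf omits the line is reported as allowing trusted-domain logons, which matches the situation described in the first message.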