Hello guys,
I'm using Winbind to integrate my Active Directory Users into Linux.
The Domain is very big and is in trust with four other Domains.
I've about 100,000+ users.
Sometimes everything works perfectly, wbinfo -u and wbinfo -g parse the correct
users/groups but when I restart Samba + Winbind it does not work anymore.
When I first try wbinfo -m it lists all trusted domains but when I try wbinfo -u
after, it responds "Error looking up domain users" and wbinfo -m does
also not work any more.
Later, it seems to work again but I don't know why.
Do you have an answer to this?
I was thinking about limiting the users that'll be integrated from winbind.
Is there any possibility to do this? I only need one of the four trusted domains
but don't know a function to limit this.
"allow trusted domains = Yes" only gives me the opportunity to disable
or enable all trusted domains, not to enable one specific domain.
Hope you guys can help me with this. Thanks!
smb.conf:
[global]
server string = Test
workgroup = MYDOMAIN
netbios name = SERVERNAME
realm = MYDOMAIN.LOCAL
idmap uid = 10000-200000
idmap gid = 10000-200000
winbind separator = /
winbind use default domain = Yes
security = ADS
encrypt passwords = yes
password server = server.mydomain.local
client use spnego = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%D/%U
allow trusted domains = Yes
winbind cache time = 300
[share]
comment = Testshare
path = /home/share
browseable = yes
read only = no
guest ok = no
valid users = @TRUSTEDDOMAIN/MYGROUP
create mask = 0770
directory mask = 0770
Hi,

Daniel Frey wrote:
> smb.conf:
> [global]
>
> server string = Test
>
> workgroup = MYDOMAIN
> netbios name = SERVERNAME
> realm = MYDOMAIN.LOCAL
> idmap uid = 10000-200000
> idmap gid = 10000-200000
> winbind separator = /
> winbind use default domain = Yes
> security = ADS
> encrypt passwords = yes
> password server = server.mydomain.local
> client use spnego = yes
>
> winbind enum users = yes
> winbind enum groups = yes

It would be a very good decision to turn the two above to "no". This is the default in recent samba versions anyway. Apart from that you should use a very recent Samba version. There have been huge improvements achieved for large domains.

Guenther
--
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
On Tue, Mar 20, 2007 at 04:25:30PM +0100, Daniel Frey wrote:
> I've about 100,000+ users.
>
> Sometimes everything works perfect, wbinfo -u and wbinfo
> -g parse the correct users/groups but when I restart Samba
> + Winbind it does not work anymore.

Sorry, but with 100.000+ users I would not expect wbinfo -u/g to work at all. It will run into all sorts of timeouts. The only thing you should expect to work in this kind of environment is to log on as some user and have all group information for the logged on user correct. Enumerating is just not expected to work correctly here :-)

Volker