Tomasz Pawłowski
2016-Feb-22 13:09 UTC
[Samba] Slow SID to name translation in Windows Security tab (groups)
Hello I'am using Samba 4.2.3 in CentOS 7.2.1511 (distro release) with openLdap integration as standalone file server. Everything works good, but when I want to use Windows extended ACLs (right click on folder -> Properities, Security tab), translation of SIDs to real group names is going realy slow. Mentioned problem occours only when I add security permissions for groups, user SIDs are translating fast. ACL conf: ------------ vfs objects = acl_xattr store dos attributes = yes nt acl support = yes map acl inherit = yes inherit acls = yes inherit owner = yes inherit permissions = yes ea support = yes map archive = no map hidden = no map readonly = no LDAP conf: ------------ passdb backend = ldapsam:ldap://127.0.0.1 ldap ssl = no ldap admin dn = cn=Manager,dc=company,dc=local ldap delete dn = no ldap password sync = yes ldap suffix = dc=company,dc=local ldap user suffix = ou=People ldap group suffix = ou=Group ldap machine suffix = ou=Computers add user script = /usr/local/sbin/smbldap-useradd -am "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" Please help Best regards Thomas
Harry Jede
2016-Feb-22 19:14 UTC
[Samba] Slow SID to name translation in Windows Security tab (groups)
On 20:08:48 wrote Tomasz Pawłowski:> [Samba] Slow SID to name translation in Windows Security tab (groups) > Von: Tomasz Pawłowski <tomasz at adminfx.pl> > An: samba at lists.samba.org > > Hello > I'am using Samba 4.2.3 in CentOS 7.2.1511 (distro release) with > openLdap integration as standalone file server. > > Everything works good, but when I want to use Windows extended ACLs > (right click on folder -> Properities, Security tab), translation of > SIDs to real group names is going realy slow.You may try: ldapsam:trusted = yes BTW if you set: ldapsam:editposix = yes you do not need the smbldap tools further information in man smb.conf -- regards Harry Jede
Tomasz Pawłowski
2016-Feb-22 21:16 UTC
[Samba] Slow SID to name translation in Windows Security tab (groups)
2016-02-22 o 20:14, Harry Jede wrote:> On 20:08:48 wrote Tomasz Pawłowski: >> [Samba] Slow SID to name translation in Windows Security tab (groups) >> Von: Tomasz Pawłowski <tomasz at adminfx.pl> >> An: samba at lists.samba.org >> >> Hello >> I'am using Samba 4.2.3 in CentOS 7.2.1511 (distro release) with >> openLdap integration as standalone file server. >> >> Everything works good, but when I want to use Windows extended ACLs >> (right click on folder -> Properities, Security tab), translation of >> SIDs to real group names is going realy slow. > You may try: > ldapsam:trusted = yes > > BTW > if you set: > ldapsam:editposix = yes > > you do not need the smbldap tools > > further information in > man smb.conf >... thank you very much for your reply. Problem still exists