Hi Louis, Yes of course that would help duh! apologies the OS is fedora 25 Samba version samba-4.5.10-0.fc25.x86_64 smb.conf server string = Samba Server MY-NETWORKS hosts allow = 127. log file = /var/log/samba/log-MY-NETWORKS.%m log level = 0 max log size = 50 security = ads encrypt passwords = yes passdb backend = tdbsam load printers = no cups options = raw printcap name = /dev/null allow trusted domains = yes ntlm auth = yes WORKGROUP=MY-NETWORKS REALM=my-networks.com password server = x.x.x.x y.y.y.y pid directory = /var/run/samba/my-networks.com lock directory = /var/cache/samba/my-networks.com private dir = /var/cache/samba/my-networks.com winbindd socket directory = /var/cache/samba/my-networks.com winbindd privileged socket directory = /var/cache/samba/ my-networks.com/winbindd_privileged smb passwd file = /var/cache/samba/my-networks.com state directory = /var/cache/samba/my-networks.com cache directory = /var/cache/samba/my-networks.com ntp signd socket directory = /var/cache/samba/my-networks.com winbind offline logon = true socket options = TCP_NODELAY IPTOS_LOWDELAY getwd cache winbind max domain connections = 250 winbind max clients = 5000 My question can I cache the logins or do something to speed things up ? TIA On Fri, Sep 1, 2017 at 10:43 AM, L.P.H. van Belle via samba < samba at lists.samba.org> wrote:> Hai, > > Is suggest, post you OS info and smb.conf that helps. > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Arnab Roy via samba > > Verzonden: vrijdag 1 september 2017 11:36 > > Aan: samba at lists.samba.org > > Onderwerp: [Samba] Advice on Winbindd and NTLM Auth Performance > > > > Hi All, > > > > I am using winbind and ntlm auth in Freeradius. At the moment > > that seems to be a major bottleneck. It seems like the > > ntlm_auth execution is taking a while , what all options can > > improve this . > > > > For starters adding TCP_NODELAY in smb.conf seems to have > > helped a little. > > > > Many Thanks > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Fri, 1 Sep 2017 10:52:44 +0100 Arnab Roy via samba <samba at lists.samba.org> wrote:> Hi Louis, > > Yes of course that would help duh! apologies the OS is fedora 25 Samba > version samba-4.5.10-0.fc25.x86_64 > > smb.conf > > server string = Samba Server MY-NETWORKS > hosts allow = 127. > log file = /var/log/samba/log-MY-NETWORKS.%m > log level = 0 > max log size = 50 > > security = ads > encrypt passwords = yes > passdb backend = tdbsam > load printers = no > cups options = raw > printcap name = /dev/null > allow trusted domains = yes > ntlm auth = yes > > WORKGROUP=MY-NETWORKS > REALM=my-networks.com > password server = x.x.x.x y.y.y.y > pid directory = /var/run/samba/my-networks.com > lock directory = /var/cache/samba/my-networks.com > private dir = /var/cache/samba/my-networks.com > winbindd socket directory = /var/cache/samba/my-networks.com > winbindd privileged socket directory = /var/cache/samba/ > my-networks.com/winbindd_privileged > smb passwd file = /var/cache/samba/my-networks.com > state directory = /var/cache/samba/my-networks.com > cache directory = /var/cache/samba/my-networks.com > ntp signd socket directory = /var/cache/samba/my-networks.com > winbind offline logon = true > > socket options = TCP_NODELAY IPTOS_LOWDELAY > getwd cache winbind > max domain connections = 250 > winbind max clients = 5000 > > My question can I cache the logins or do something to speed things > up ? >You could try setting up Samba correctly, even allowing for the fact you are using sssd (not supported by Samba), there is a lot there that shouldn't be there, see here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Rowland
Hello Everyone, Thanks for your inputs I have followed whats here https://wiki.freeradius. org/guide/Active-Directory-direct-via-winbind . Apart from the different location for the directories. I have added the recommended options in samba. However I cannot see why this would make a difference to performance. The guide for setting up a samba domain member seems more to be aimed at the whole samba stack I only need winbind is that not correct? Apologies I'm new to samba. Many Thanks Arnab On Fri, Sep 1, 2017 at 11:53 AM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 1 Sep 2017 10:52:44 +0100 > Arnab Roy via samba <samba at lists.samba.org> wrote: > > > Hi Louis, > > > > Yes of course that would help duh! apologies the OS is fedora 25 Samba > > version samba-4.5.10-0.fc25.x86_64 > > > > smb.conf > > > > server string = Samba Server MY-NETWORKS > > hosts allow = 127. > > log file = /var/log/samba/log-MY-NETWORKS.%m > > log level = 0 > > max log size = 50 > > > > security = ads > > encrypt passwords = yes > > passdb backend = tdbsam > > load printers = no > > cups options = raw > > printcap name = /dev/null > > allow trusted domains = yes > > ntlm auth = yes > > > > WORKGROUP=MY-NETWORKS > > REALM=my-networks.com > > password server = x.x.x.x y.y.y.y > > pid directory = /var/run/samba/my-networks.com > > lock directory = /var/cache/samba/my-networks.com > > private dir = /var/cache/samba/my-networks.com > > winbindd socket directory = /var/cache/samba/my-networks.com > > winbindd privileged socket directory = /var/cache/samba/ > > my-networks.com/winbindd_privileged > > smb passwd file = /var/cache/samba/my-networks.com > > state directory = /var/cache/samba/my-networks.com > > cache directory = /var/cache/samba/my-networks.com > > ntp signd socket directory = /var/cache/samba/my-networks.com > > winbind offline logon = true > > > > socket options = TCP_NODELAY IPTOS_LOWDELAY > > getwd cache winbind > > max domain connections = 250 > > winbind max clients = 5000 > > > > My question can I cache the logins or do something to speed things > > up ? > > > > You could try setting up Samba correctly, even allowing for the fact > you are using sssd (not supported by Samba), there is a lot there that > shouldn't be there, see here: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >