Re: [squid-users] SQUID -> Active Directory lsass.exe to 100% CPU

From: E.S. Rosenberg <esr_at_g.jct.ac.il>
Date: Thu, 27 Sep 2012 21:14:43 +0200

2012/9/27 David Touzeau <david_at_touzeau.eu>:
> Dear, I would like to know if somebody has encountered this issue with
> Samba+squid.
> I'm using NTLM with Squid and have connected Samba to my Active Directory 2008 R2.
> I mention that squid works perfectly, but it seems this is a winbindd issue
> or misconfiguration.
>
> It seems that winbindd asks the Active Directory every millisecond for
> internal system users when the kernel launches a process.
> When squid starts a process, the winbind daemon is asked whether the
> squid user exists on the Active Directory.
> It is the same for all internal processes that use users saved in
> passwd (root, apache...).
> This behavior increases the Active Directory lsass.exe to 100% and web pages
> take a long time to be displayed.
>
> I would like to know if somebody can give me a way to force
> pam/nsswitch not to query winbind if users already exist in the Linux shadow
> system.
You can use nscd to reduce the load by caching answers to queries.
But why are you using pam/nsswitch? If you just want squid to
authenticate users using NTLM you can use the ntlm_auth binary and
don't need to set the whole system to authenticate to AD...

Hope that helps,
Eli
> And if somebody has encountered this issue, and how to resolve it?
>
> best regards
Received on Thu Sep 27 2012 - 19:14:49 MDT
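
A configuration sketch of the second suggestion in the reply above, added here as an example and not taken from either poster's system: Squid calls Samba's ntlm_auth helper directly, and nsswitch.conf resolves local accounts from files only. The file paths, the child count, the ACL name and the "before" nsswitch lines are assumptions.

```conf
# --- /etc/squid/squid.conf (path is an assumption) -------------------------
# Squid hands the NTLM handshake to Samba's ntlm_auth helper, which talks to
# winbindd itself. The host must still be joined to the domain and winbindd
# must be running, but NSS/PAM do not need to know about AD for this to work.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10          # assumed value; size to your client load
auth_param ntlm keep_alive on

acl ad_users proxy_auth REQUIRED     # "ad_users" is a hypothetical ACL name
http_access allow ad_users
http_access deny all

# --- /etc/nsswitch.conf ----------------------------------------------------
# Constructed "before": every passwd/group lookup is sent to winbindd first.
# passwd: winbind files
# group:  winbind files
#
# "After": local accounts (root, apache, squid) resolve from /etc/passwd and
# /etc/group only; no NSS lookup reaches winbindd or the domain controller.
passwd: files
group:  files
shadow: files
```

The account Squid runs its helpers as needs read access to winbindd's privileged pipe directory (winbindd_privileged), usually granted through group membership.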