Bug 11837 - Winbind keeps looking up nonexisting uid's/gid's with idmap_ad
Winbind keeps looking up nonexisting uid's/gid's with idmap_ad
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
4.2.10
x64 Linux
: P5 regression
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-14 13:55 UTC by Arnout Boks
Modified: 2016-04-20 14:03 UTC (History)
2 users (show)

See Also:


Attachments
debug output from running winbind interactively (at debug level 3 or 4) (1.34 KB, text/plain)
2016-04-14 13:55 UTC, Arnout Boks
no flags Details
contents of my smb.conf (slightly redacted) (1.11 KB, text/plain)
2016-04-14 13:56 UTC, Arnout Boks
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Arnout Boks 2016-04-14 13:55:56 UTC
Created attachment 11996 [details]
debug output from running winbind interactively (at debug level 3 or 4)

My setup is a Debian fileserver running Samba and Winbind, connected to a Windows Server 2012 DC, so that it can share folders to a Windows network. Winbind uses the idmap_ad backend for consistent id's across the network.

After upgrading to the newest Samba (security) release for Debian Jessie (2:4.2.10+dfsg-0+deb8u1, from 2:4.1.17+dfsg-2+deb8u2) today, winbind constantly stayed at ~60% CPU usage and accessing shared folders was extremely slow (under modest load).

Running winbind in interactive mode with an increased debug level, I noticed that winbind kept looking up the same uid/gid over and over again (see the attached logfile for an excerpt, where it keeps looking for uid 10006). Most interesting is that the uid/gid it kept looking up do not exist (are not present in AD on the DC). After adding the uid/gid to some bogus user/group in Active Directory on the DC the CPU load generated by Winbind dropped and filesharing was usable again.
Comment 1 Arnout Boks 2016-04-14 13:56:47 UTC
Created attachment 11997 [details]
contents of my smb.conf (slightly redacted)