The Samba-Bugzilla – Bug 4881
user/group enumeration blocks parent winbindd for large domains
Last modified: 2009-04-04 08:03:04 UTC
I have a Windows 2003 EE R2 SP2 x86 Active Directory domain with 300,000 users. (only 1 DC in the domain for simplicity of this test)
ADS Domain join is fine and easy, however after that 'wbinfo -u' fails over and over again. After a bit of a wait, every wbinfo request returns an error. (error looking up domain _____) even though it appears to be busy crunching SID data... and should possibly be making me wait before returning an error.
At some point in time later, (around 2007/07/25 15:54:54 in the logs)
it will start working and keeps working for several minutes after that. Then it stops working again, and we see a flurry of activity on logwinbindd.
It seems to run in this "loop" indefinitely and makes the winbind service and it's utilities unusable.
As I understand it the theoretical max amount of users in an active directory is 1,000,000+ and yet I see this behavior even with 20,000 users. It only gets worse with more users.
Also, winbindd is about 700MB residential and over a gigabyte overall memory -
Logs LEVEL 10 and /var/lib/samba (if you need it) are at:
wlog.tar.bz2 is the log - it's about 500MB expanded
wlib_samba.tar.bz2 - /var/lib/samba.
I sent mail to Serge this morning explaining why this is happening.
Are you filing this bug to track any work on converting the enumeration
call to asynchronous chunks? or did you not see that explanation yet?
Yes, I would like to track this via bugzilla, I.E. to have the "asynchronous chunks" here as well..
I am checking on the progress of this bug.... any news?