Created attachment 7962 [details] Winbind daemon debug mode level 10 We have an Active Directory with about 1500 users. The Samba 3.6.8 service is used to perform NTLM feature with the squid-cache server. We have successfully connected the Linux server to our Active Directory Windows 2008 R2. After 2 or 3 minutes the Active Directory lsass.exe run to 100% CPU all the times on the Windows Active Directory server. When stopping winbindd daemon the lsass.exe down to 0% Here it is the smb.conf [global] workgroup = AFEONLINE kerberos method = dedicated keytab dedicated keytab file = /etc/krb5.keytab realm = AFEONLINE.NET security = ads winbind enum groups = yes winbind enum users = yes idmap config * : range = 10000 - 20000 idmap config * : backend = tdb idmap config AFEONLINE : backend = tdb idmap config AFEONLINE : range = 20000 - 20000000 client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = yes winbind nested groups = Yes winbind nss info = rfc2307 winbind reconnect delay = 30 winbind offline logon = true winbind cache time = 1800 winbind refresh tickets = true allow trusted domains = Yes server signing = auto client signing = auto lm announce = No ntlm auth = No lanman auth = No preferred master = No encrypt passwords = yes password server = 10.33.252.30 printing = bsd load printers = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Added the winbind daemon debug log.
Have you tried with "winbind normalize names = no"?
(In reply to comment #1) > Have you tried with "winbind normalize names = no"? We have changed to "winbind normalize names = no" but this does not resolve this issue, after 2s the lsass.exe run to 100% cpu.
I think we need a network trace between your Samba server and the Domain Controller to nail this down. Please take a look at http://wiki.samba.org/index.php/Capture_Packets for information on how to create useful network traces.
Ah, together with the network trace please also upload your debug level 10 logs of all winbind processes. These include not only the log.winbindd-*, but also the log.wb-* files.
(In reply to comment #4) > Ah, together with the network trace please also upload your debug level 10 logs > of all winbind processes. These include not only the log.winbindd-*, but also > the log.wb-* files. We have recompiled samba, clear the Active directory connection and join again to the Active Directory and it seems the issue disappears. We can close this ticket Thanks,Thanks,Thanks, Many Thanks for your help...