2012/9/27 David Touzeau <david@xxxxxxxxxx>: > Dear i would like to know if somebody have encounter this issue with > Samba+squid > I'm using NTLM with Squid and connected Samba to my Active Directory 2008 R2 > I mention that squid works perfectly but it seems this is a winbindd issue > or misconfiguration. > > It seems that winbindd ask every milliseconds to the Active Directory for > internal system users when the kernel launch a process. > When squid start a process, the winbind daemon is requested to know if the > squid user exists on the Active Directory. > This is the same way for all internal processes that use users saved in > passwd (root,apache...) > This behavior increase the lsass.exe Active directory to 100% and web pages > takes long time to be displayed. > > I would like to know if somebody can give to me the way to force > pam/nsswitch to not query winbind if users already exists in Linux shadow > system. You can use nscd to reduce the load by caching answers to queries. But why are you using pam/nssswitch? If you just want squid to authenticate users using NTLM you can use the ntlm_auth binary and don't need to set the whole system to authenticate to AD... Hope that helps, Eli > And if somebody have encountered this issue and how to resolve it ? > > best regards > > > >
