Paul Gienger wrote:

in the logs. This is correct because I'm no longer allowing samba to find the user's primary group. It's not clear to me yet that this is really a problem as nothing's been noticed. But, it does concern me, plus it's extra noise in the log files.


Now you could fix that by making everyone's primary group some group that is defined for the purpose of making samba shut up, but then you'd run into this nice issue that using secondary groups in samba with an LDAP backend on recent patchlevels is broken.

We use LDAP for many applications, not just samba, for example, login to a unix host. And, all our permissions are based upon the idea that a user has their own group. This would be a very large change to our infrastructure that I don't want to undertake if there's another way.


I did however consider this originally though, but I guess I'm not sure a single LDAP group with 14,000 members is going to be manageable or scalable either.

I thought the secondary groups problem was only with Solaris 9, at a specific patch level? We are using Solaris for file servers but not the PDC and we are only at Solaris 8. Have I misunderstood the secondary groups problem?

As a more helpful note, how does using nscd affect your performance issues?

As far as I know, it doesn't. We are running it. However, it's my understanding that nscd only caches info that the OS would request via system calls such as getgrent(), getgrgid(), getgrnam() or initgroups(). Samba makes its own LDAP calls directly.


BTW: any app that uses getgrent() exhibits this same behavior. Our mail app (cyrus) did that and caused our LDAP server to die under the load as well. We had to go with a similar 'restrict the groups' ldap configuration.

--
Marlys A. Nelson                      Sr. Network Specialist
Information Technology Services       Network Services
University of Wisconsin - River Falls 715/425-4357
410 South Third Street                Email: [EMAIL PROTECTED]
River Falls  WI  54022                http://www.uwrf.edu/
