I have been using FreeNAS 8 (8.0.3) in a large Active Directory environment and have had to make some changes to the configuration to make FreeNAS usable. We have over 108,000 users and with this many users FreeNAS is unusable in its current form.
One of the problems is with winbindd_cache.tdb. It will grow to over 500MB and with the additional copies (.bak and .bak.old), it will easily fill /var/tmp/.cache .
To work around this, I create a "samba_db" dataset on my zfs volume and within the CIFS Services I add the Auxiliary parameters "cache directory = /mnt/myvolume/samba_db"
With so many users, winbindd will just set there eating cpu for hours, signal 6 constantly, and cause the GUI to timeout for just about every function making changing anything impossible. User lookups from the terminal will timeout, and cron jobs will get backed up and fail.
To work around this, I add in the CIFS Services the Auxiliary parameters "winbind enum users = no" and "winbind enum groups = no". Once added, winbind works properly, GUI works, and user lookups do not timeout. I have not seen any negatives from this change yet.
I also add "winbind use default domain = yes" to the CIFS Services Auxiliary parameters. This keeps you from having to give YOURDOMAIN\username. Without it my AD users were having to give their credentials. I can't confirm that this is responsible, but before adding this my winbindd_cache.tdb would grow to over 1.5GB (x3 if you include the .bak and .bak.old).
Anyone else have any tips?
One of the problems is with winbindd_cache.tdb. It will grow to over 500MB and with the additional copies (.bak and .bak.old), it will easily fill /var/tmp/.cache .
To work around this, I create a "samba_db" dataset on my zfs volume and within the CIFS Services I add the Auxiliary parameters "cache directory = /mnt/myvolume/samba_db"
With so many users, winbindd will just set there eating cpu for hours, signal 6 constantly, and cause the GUI to timeout for just about every function making changing anything impossible. User lookups from the terminal will timeout, and cron jobs will get backed up and fail.
To work around this, I add in the CIFS Services the Auxiliary parameters "winbind enum users = no" and "winbind enum groups = no". Once added, winbind works properly, GUI works, and user lookups do not timeout. I have not seen any negatives from this change yet.
I also add "winbind use default domain = yes" to the CIFS Services Auxiliary parameters. This keeps you from having to give YOURDOMAIN\username. Without it my AD users were having to give their credentials. I can't confirm that this is responsible, but before adding this my winbindd_cache.tdb would grow to over 1.5GB (x3 if you include the .bak and .bak.old).
Anyone else have any tips?