[Samba] idmap GID range became full without reason

Andrew Hotlab andrew.hotlab at hotmail.com
Thu Jun 10 04:52:34 MDT 2010

Please excuse my ignorance: I have been running Samba for a little time, and I've very little experience with it.

I'm running Samba 3.0.37 on FreeBSD 7.2/amd64, configured as member server of a domain whose PDC is a Samba 3.0.25b-apple (the default Samba instance running on a Mac OS X 10.5.8).

The member server is sharing a couple of folders for 5 users (most of whom are using Mac OS 10.5.8 on their clients). Here is the smb.conf (Mac Server has the IP,  FreeBSD has IP

    workgroup = XXXX
    netbios name = BSD-SERVER
    server string =
    interfaces =
    security = DOMAIN
    auth methods = winbind
    passdb backend = tdbsam
    load printers = No
    printcap name = /etc/printcap
    disable spoolss = Yes
    show add printer wizard = No
    preferred master = No
    local master = No
    domain master = No
    wins server =
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    winbind use default domain = Yes
    hide dot files = No
    template homedir = /usr/local/samba/Users/%U
    template shell = /bin/csh
    comment = Home Directories
    path = /usr/local/samba/Users
    read only = No
    comment = Group Folders
    path = /usr/local/samba/Groups
    read only = No
    force security mode = 0666
    force directory security mode = 0775

Every two-three months, all users are unable to access shared folders because the idmap GID range became full!!

What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)"

Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this?

Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors… thank you all in advance!!

Hotmail: Powerful Free email with security by Microsoft.

More information about the samba mailing list