[Samba] idmap GID range became full without reason
Andrew Hotlab
andrew.hotlab at hotmail.com
Fri Jun 11 15:34:49 MDT 2010
> On 06/11/10 09:12, Andrew Hotlab wrote:
> >
> > On 06/10/10 04:52, Andrew Hotlab wrote:
> >> Every two-three months, all users are unable to access shared folders because the idmap GID range became full!!
> >>
> >> What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)"
> >>
> >> Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this?
> >>
> >> Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors… thank you all in advance!!
> >>
> >> Andrew
> >
> >
> >> idmap uid = 15000-20000
> >> idmap gid = 15000-20000
> >
> > Can you just increase the range? The setting I am using is:
> >
> > idmap uid = 500-100000000
> > idmap gid = 500-100000000
> >
> >
> >
> > Thank you Brian.
> > Yes, I can do it, but this will only shift the problem. I'd like to understand the the cause of this behavior and, if applicable, find the solution! :)
> >
> I think the cause of the problem is your range is to small. Maybe it is different with the security type you are using,
> I am using ADS.
Perhaps this can be helpful to understand the problem... I've just tried the same version of Samba as a member server of a Windows 2003 AD (exactly the same smb.conf): the output of the id command is "uid=15001(andrew) gid=15005(domain users) groups=15005(domain users)", and the gid number never changes, even if I mount the shared folders on Mac.
I can't believe this behavior is normal: each time a user mounts a share the gid idmap increase! That would be extremely insane too, because it would make impossible to control access through group permissions!
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
https://signup.live.com/signup.aspx?id=60969
More information about the samba
mailing list