[Samba] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) Cannot allocate gid above 20000!

Jelle de Jong jelledejong at powercraft.nl
Thu Dec 22 01:50:31 MST 2011 

On 19/12/11 19:10, Jelle de Jong wrote:
> On 19/12/11 11:22, Jelle de Jong wrote:
>> On 23/05/11 13:37, Jelle de Jong wrote:
>>> I got a few servers that where running stable and somehow winbindd
>>> started complaining. There were no users added or any samba related
>>> updates. Also the problems did not started on the same day one of the
>>> servers started today and on other one months ago...
>>>
>>> winbindd[14450]: [2011/05/23 13:33:13.442070,  0]
>>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id)
>>> winbindd[14450]:   Cannot allocate gid above 20000!
>>>
>>> # winbindd --version
>>> Version 3.5.6
>>
>> I am still having these errors and I keep increasing the values:
>>
>>    idmap uid = 10000-60500
>>    idmap gid = 10000-60500
>>
>> I started with 20000 and I am now on 60500...
>>
>> Dec 19 11:01:15 stayce winbindd[23861]: [2011/12/19 11:01:15.569602,  0]
>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id)
>> Dec 19 11:01:15 stayce winbindd[23861]:   Cannot allocate gid above 60500!
>>
>> # winbindd --version
>> Version 3.5.6
> 
> I found the following:
> 
> samba (2:3.5.8~dfsg-1) unstable; urgency=low
>   * New upstream release. This fixes the following bugs:
>     - Winbind leaks gids with idmap ldap backend (upstrem #7777)
>       Closes: #613624
> 
> Upgraded to:
> 
> # winbindd --version
> Version 3.5.11
> 
> Hopefully this will fix my issues.

Sadly this didn't work!! A few days later the problem started again...

stayce:~# grep "Cannot allocate gid above" /var/log/syslog
Dec 22 07:28:15 stayce winbindd[26373]:   Cannot allocate gid above 61000!
Dec 22 07:28:15 stayce winbindd[26373]:   Cannot allocate gid above 61000!
Dec 22 07:29:53 stayce winbindd[26373]:   Cannot allocate gid above 61000!
<snip>
Dec 22 09:31:40 stayce winbindd[26373]:   Cannot allocate gid above 61000!

stayce:~# winbindd -V
Version 3.5.11
stayce:~# smbd -V
Version 3.5.11
stayce:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[documenten]"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
	workgroup = company
	netbios name = SERVER
	passdb backend = ldapsam
	log file = /var/log/samba/log.%m
	smb ports = 445
	time server = Yes
	load printers = No
	printcap name = /dev/null
	disable spoolss = Yes
	logon script = netlogon.bat
	logon path = \\%N\profiles\%U
	domain logons = Yes
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	ldap admin dn = cn=admin,dc=company,dc=nl
	ldap delete dn = Yes
	ldap group suffix = ou=groups
	ldap idmap suffix = ou=idmap
	ldap machine suffix = ou=computers
	ldap passwd sync = yes
	ldap suffix = dc=company,dc=nl
	ldap ssl = no
	ldap user suffix = ou=users
	usershare max shares = 0
	usershare path = /srv/storage/shares
	panic action = /usr/share/samba/panic-action %d
	idmap backend = ldap:ldap://localhost/
	idmap alloc backend = ldap
	idmap uid = 10000-61000
	idmap gid = 10000-61000
	template homedir = /srv/storage/shares/
	template shell = /bin/bash
	ldapsam:trusted = yes
	ldapsam:editposix = yes
	idmap alloc config : ldap_url = ldap://localhost/
	idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl
	idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl
	printing = bsd
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j

[documenten]
	path = /srv/storage/shares
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	hide unreadable = Yes
	store dos attributes = Yes
	vfs objects = recycle
	recycle:keeptree = Yes
	recycle:versions = Yes
	recycle:touch_mtime = Yes

[homes]
	comment = Home Directories
	path = /srv/storage/samba/homes/%U
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No
	root preexec = /usr/local/bin/samba-mkdir-home %U

[netlogon]
	comment = Network Logon Service
	path = /srv/storage/samba/netlogon
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No

[profiles]
	comment = Users profiles
	path = /srv/storage/samba/profiles
	read only = No
	inherit acls = Yes
	profile acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No

Can somebody help me?

Kind regards,

Jelle de Jong

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20111222/0e195c3e/attachment.pgp>

More information about the samba mailing list