[Samba] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) Cannot allocate gid above 20000!

Charles Weber chaweber at gmail.com
Fri Dec 23 11:59:24 MST 2011 

I feel your pain. we are up to  1275000, but have been running idmap/ldap for many years.
I have considered going to RID or full AD integration, but have organizational issues either way.

On Dec 22, 2011, at 3:50 AM, Jelle de Jong wrote:

> On 19/12/11 19:10, Jelle de Jong wrote:
>> On 19/12/11 11:22, Jelle de Jong wrote:
>>> On 23/05/11 13:37, Jelle de Jong wrote:
>>>> I got a few servers that where running stable and somehow winbindd
>>>> started complaining. There were no users added or any samba related
>>>> updates. Also the problems did not started on the same day one of the
>>>> servers started today and on other one months ago...
>>>> 
>>>> winbindd[14450]: [2011/05/23 13:33:13.442070,  0]
>>>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id)
>>>> winbindd[14450]:   Cannot allocate gid above 20000!
>>>> 
>>>> # winbindd --version
>>>> Version 3.5.6
>>> 
>>> I am still having these errors and I keep increasing the values:
>>> 
>>>   idmap uid = 10000-60500
>>>   idmap gid = 10000-60500
>>> 
>>> I started with 20000 and I am now on 60500...
>>> 
>>> Dec 19 11:01:15 stayce winbindd[23861]: [2011/12/19 11:01:15.569602,  0]
>>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id)
>>> Dec 19 11:01:15 stayce winbindd[23861]:   Cannot allocate gid above 60500!
>>> 
>>> # winbindd --version
>>> Version 3.5.6
>> 
>> I found the following:
>> 
>> samba (2:3.5.8~dfsg-1) unstable; urgency=low
>>  * New upstream release. This fixes the following bugs:
>>    - Winbind leaks gids with idmap ldap backend (upstrem #7777)
>>      Closes: #613624
>> 
>> Upgraded to:
>> 
>> # winbindd --version
>> Version 3.5.11
>> 
>> Hopefully this will fix my issues.
> 
> Sadly this didn't work!! A few days later the problem started again...
> 
> stayce:~# grep "Cannot allocate gid above" /var/log/syslog
> Dec 22 07:28:15 stayce winbindd[26373]:   Cannot allocate gid above 61000!
> Dec 22 07:28:15 stayce winbindd[26373]:   Cannot allocate gid above 61000!
> Dec 22 07:29:53 stayce winbindd[26373]:   Cannot allocate gid above 61000!
> <snip>
> Dec 22 09:31:40 stayce winbindd[26373]:   Cannot allocate gid above 61000!
> 
> stayce:~# winbindd -V
> Version 3.5.11
> stayce:~# smbd -V
> Version 3.5.11
> stayce:~# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[documenten]"
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
> 
> [global]
> 	workgroup = company
> 	netbios name = SERVER
> 	passdb backend = ldapsam
> 	log file = /var/log/samba/log.%m
> 	smb ports = 445
> 	time server = Yes
> 	load printers = No
> 	printcap name = /dev/null
> 	disable spoolss = Yes
> 	logon script = netlogon.bat
> 	logon path = \\%N\profiles\%U
> 	domain logons = Yes
> 	preferred master = Yes
> 	domain master = Yes
> 	dns proxy = No
> 	ldap admin dn = cn=admin,dc=company,dc=nl
> 	ldap delete dn = Yes
> 	ldap group suffix = ou=groups
> 	ldap idmap suffix = ou=idmap
> 	ldap machine suffix = ou=computers
> 	ldap passwd sync = yes
> 	ldap suffix = dc=company,dc=nl
> 	ldap ssl = no
> 	ldap user suffix = ou=users
> 	usershare max shares = 0
> 	usershare path = /srv/storage/shares
> 	panic action = /usr/share/samba/panic-action %d
> 	idmap backend = ldap:ldap://localhost/
> 	idmap alloc backend = ldap
> 	idmap uid = 10000-61000
> 	idmap gid = 10000-61000
> 	template homedir = /srv/storage/shares/
> 	template shell = /bin/bash
> 	ldapsam:trusted = yes
> 	ldapsam:editposix = yes
> 	idmap alloc config : ldap_url = ldap://localhost/
> 	idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl
> 	idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl
> 	printing = bsd
> 	print command = lpr -r -P'%p' %s
> 	lpq command = lpq -P'%p'
> 	lprm command = lprm -P'%p' %j
> 
> [documenten]
> 	path = /srv/storage/shares
> 	read only = No
> 	inherit acls = Yes
> 	map acl inherit = Yes
> 	hide unreadable = Yes
> 	store dos attributes = Yes
> 	vfs objects = recycle
> 	recycle:keeptree = Yes
> 	recycle:versions = Yes
> 	recycle:touch_mtime = Yes
> 
> [homes]
> 	comment = Home Directories
> 	path = /srv/storage/samba/homes/%U
> 	read only = No
> 	inherit acls = Yes
> 	map acl inherit = Yes
> 	store dos attributes = Yes
> 	browseable = No
> 	root preexec = /usr/local/bin/samba-mkdir-home %U
> 
> [netlogon]
> 	comment = Network Logon Service
> 	path = /srv/storage/samba/netlogon
> 	read only = No
> 	inherit acls = Yes
> 	map acl inherit = Yes
> 	store dos attributes = Yes
> 	browseable = No
> 
> [profiles]
> 	comment = Users profiles
> 	path = /srv/storage/samba/profiles
> 	read only = No
> 	inherit acls = Yes
> 	profile acls = Yes
> 	map acl inherit = Yes
> 	store dos attributes = Yes
> 	browseable = No
> 
> Can somebody help me?
> 
> Kind regards,
> 
> Jelle de Jong
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list