[Samba] winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) Cannot allocate gid above 20000!
Charles Weber
chaweber at gmail.com
Fri Dec 23 11:59:24 MST 2011
I feel your pain. we are up to 1275000, but have been running idmap/ldap for many years.
I have considered going to RID or full AD integration, but have organizational issues either way.
On Dec 22, 2011, at 3:50 AM, Jelle de Jong wrote:
> On 19/12/11 19:10, Jelle de Jong wrote:
>> On 19/12/11 11:22, Jelle de Jong wrote:
>>> On 23/05/11 13:37, Jelle de Jong wrote:
>>>> I got a few servers that where running stable and somehow winbindd
>>>> started complaining. There were no users added or any samba related
>>>> updates. Also the problems did not started on the same day one of the
>>>> servers started today and on other one months ago...
>>>>
>>>> winbindd[14450]: [2011/05/23 13:33:13.442070, 0]
>>>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id)
>>>> winbindd[14450]: Cannot allocate gid above 20000!
>>>>
>>>> # winbindd --version
>>>> Version 3.5.6
>>>
>>> I am still having these errors and I keep increasing the values:
>>>
>>> idmap uid = 10000-60500
>>> idmap gid = 10000-60500
>>>
>>> I started with 20000 and I am now on 60500...
>>>
>>> Dec 19 11:01:15 stayce winbindd[23861]: [2011/12/19 11:01:15.569602, 0]
>>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id)
>>> Dec 19 11:01:15 stayce winbindd[23861]: Cannot allocate gid above 60500!
>>>
>>> # winbindd --version
>>> Version 3.5.6
>>
>> I found the following:
>>
>> samba (2:3.5.8~dfsg-1) unstable; urgency=low
>> * New upstream release. This fixes the following bugs:
>> - Winbind leaks gids with idmap ldap backend (upstrem #7777)
>> Closes: #613624
>>
>> Upgraded to:
>>
>> # winbindd --version
>> Version 3.5.11
>>
>> Hopefully this will fix my issues.
>
> Sadly this didn't work!! A few days later the problem started again...
>
> stayce:~# grep "Cannot allocate gid above" /var/log/syslog
> Dec 22 07:28:15 stayce winbindd[26373]: Cannot allocate gid above 61000!
> Dec 22 07:28:15 stayce winbindd[26373]: Cannot allocate gid above 61000!
> Dec 22 07:29:53 stayce winbindd[26373]: Cannot allocate gid above 61000!
> <snip>
> Dec 22 09:31:40 stayce winbindd[26373]: Cannot allocate gid above 61000!
>
> stayce:~# winbindd -V
> Version 3.5.11
> stayce:~# smbd -V
> Version 3.5.11
> stayce:~# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[documenten]"
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = company
> netbios name = SERVER
> passdb backend = ldapsam
> log file = /var/log/samba/log.%m
> smb ports = 445
> time server = Yes
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> logon script = netlogon.bat
> logon path = \\%N\profiles\%U
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> ldap admin dn = cn=admin,dc=company,dc=nl
> ldap delete dn = Yes
> ldap group suffix = ou=groups
> ldap idmap suffix = ou=idmap
> ldap machine suffix = ou=computers
> ldap passwd sync = yes
> ldap suffix = dc=company,dc=nl
> ldap ssl = no
> ldap user suffix = ou=users
> usershare max shares = 0
> usershare path = /srv/storage/shares
> panic action = /usr/share/samba/panic-action %d
> idmap backend = ldap:ldap://localhost/
> idmap alloc backend = ldap
> idmap uid = 10000-61000
> idmap gid = 10000-61000
> template homedir = /srv/storage/shares/
> template shell = /bin/bash
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> idmap alloc config : ldap_url = ldap://localhost/
> idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl
> idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [documenten]
> path = /srv/storage/shares
> read only = No
> inherit acls = Yes
> map acl inherit = Yes
> hide unreadable = Yes
> store dos attributes = Yes
> vfs objects = recycle
> recycle:keeptree = Yes
> recycle:versions = Yes
> recycle:touch_mtime = Yes
>
> [homes]
> comment = Home Directories
> path = /srv/storage/samba/homes/%U
> read only = No
> inherit acls = Yes
> map acl inherit = Yes
> store dos attributes = Yes
> browseable = No
> root preexec = /usr/local/bin/samba-mkdir-home %U
>
> [netlogon]
> comment = Network Logon Service
> path = /srv/storage/samba/netlogon
> read only = No
> inherit acls = Yes
> map acl inherit = Yes
> store dos attributes = Yes
> browseable = No
>
> [profiles]
> comment = Users profiles
> path = /srv/storage/samba/profiles
> read only = No
> inherit acls = Yes
> profile acls = Yes
> map acl inherit = Yes
> store dos attributes = Yes
> browseable = No
>
> Can somebody help me?
>
> Kind regards,
>
> Jelle de Jong
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list