[Samba] Corrupted idmap...

Ryan Ashley ryana at reachtechfp.com
Tue Jan 17 14:42:33 UTC 2017


Rowland, that opened up a whole new can of worms. I did exactly as
instructed, but when I did the "net cache flush" I got spammed with
stuff like the following, and I mean SPAMMED. Thousands of lines, way
beyond my scrollback buffer.

tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!

Looks like a database has grown too large or something. Not sure as I
have no experience with TDB, only MySQL and MSSQL.

Lead IT/IS Specialist
Reach Technology FP, Inc

On 01/14/2017 11:40 AM, Rowland Penny via samba wrote:
> On Sat, 14 Jan 2017 11:17:57 -0500
> Ryan Ashley via samba <samba at lists.samba.org> wrote:
> 
>> Rowland, I commented out what you asked me to, no change.
>>
>> # Global parameters
>> [global]
>>         workgroup = TRUEVINE
>>         realm = TRUEVINE.LAN
>>         netbios name = DC01
>>         server role = active directory domain controller
>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbi$
>> #       idmap_ldb:use rfc2307 = yes
>> #       idmap config *:backend = tdb
>> #       idmap config *:range = 2001-10000
>> #       idmap config TRUEVINE:backend = ad
>> #       idmap config TRUEVINE:schema_mode = rfc2307
>> #       idmap config TRUEVINE:range = 10001-20000
>> #       domain master = yes
>> #       local master = yes
>> #       preferred master = yes
>> #       os level = 255
>>
>> [netlogon]
>>         path = /var/lib/samba/sysvol/truevine.lan/scripts
>>         read only = No
>>
>> [sysvol]
>>         path = /var/lib/samba/sysvol
>>         read only = No
>>
>> Results:
>> root@dc01:~# nano -w /etc/samba/smb.conf
>> root@dc01:~# service samba4 stop
>> [ ok ] Stopping Samba AD DC daemon: samba.
>> root@dc01:~# service samba4 start
>> [ ok ] Starting Samba AD DC daemon: samba.
>> root@dc01:~# smbclient -L \\localhost -U administrator
>> Enter administrator's password:
>> session setup failed: NT_STATUS_INVALID_SID
>> root@dc01:~#
>>
>> Lead IT/IS Specialist
>> Reach Technology FP, Inc
>>
>> On 01/13/2017 01:07 PM, Rowland Penny via samba wrote:
>>> On Fri, 13 Jan 2017 12:46:27 -0500
>>> Ryan Ashley via samba <samba at lists.samba.org> wrote:
>>>
>>>> OK, I noticed that also, but why does everything return
>>>> NT_STATUS_INVALID_SID? Even if I run "smbclient -L \\localhost -U
>>>> adminnamehere" on the DC itself, I get the error. At this point we
>>>> are looking at erasing every workstation, wiping the DC, and
>>>> starting from scratch. It has been a week and not even rolling
>>>> back to 4.4 fixed it. What should my next steps be? I attached the
>>>> server configuration file for reference. Note that it has run this
>>>> way for a year without a hitch and nothing has been changed since
>>>> day 1.
>>>>
>>>> # Global parameters
>>>> [global]
>>>>         workgroup = TRUEVINE
>>>>         realm = TRUEVINE.LAN
>>>>         netbios name = DC01
>>>>         server role = active directory domain controller
>>>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>>>         idmap_ldb:use rfc2307 = yes
>>>>         idmap config *:backend = tdb
>>>>         idmap config *:range = 2001-10000
>>>>         idmap config TRUEVINE:backend = ad
>>>>         idmap config TRUEVINE:schema_mode = rfc2307
>>>>         idmap config TRUEVINE:range = 10001-20000
>>>>         domain master = yes
>>>>         local master = yes
>>>>         preferred master = yes
>>>>         os level = 255
>>>>
>>>> [netlogon]
>>>>         path = /var/lib/samba/sysvol/truevine.lan/scripts
>>>>         read only = No
>>>>
>>>> [sysvol]
>>>>         path = /var/lib/samba/sysvol
>>>>         read only = No
>>>>
>>>
>>> Now I have seen your smb.conf, I think I can tell you why you are
>>> getting 'NT_STATUS_INVALID_SID'
>>>
>>> You have 'idmap config' lines, these do nothing on a DC, or rather
>>> they did nothing until 4.5.0, now they cause errors, so I would
>>> remove them. I would also remove the 'master' lines and the 'os'
>>> line.
>>>
>>> When 4.6.0 comes out, it is my understanding that you will not have
>>> this problem, Samba will flat out refuse to start if you have the
>>> idmap lines in smb.conf ;-)
>>>
>>> Rowland
>>>  
>>>
>>
> 
> Put 'idmap_ldb:use rfc2307 = yes' back, you need it, the idmap lines I
> was referring to, start with 'idmap config'
> 
> Run 'net cache flush'
> Ensure the libnss_winbind links exist, the 'passwd' & 'group' lines
> in /etc/nsswitch.conf contain 'winbind' and PAM is set up correctly.
> It may also help if you restart the DC
> 
> Rowland
> 
> 
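
An added example, not part of the original thread and not Samba's own code: a Python check that applies the advice quoted above to an AD DC's smb.conf (flag active 'idmap config', 'master' and 'os level' lines, keep 'idmap_ldb:use rfc2307') and confirms that the 'passwd' and 'group' lines of nsswitch.conf contain 'winbind'. The function names and the sample nsswitch.conf are assumptions made for illustration.

```python
import re

# Parameters Rowland's reply says to remove from [global] on an AD DC;
# 'idmap_ldb:use rfc2307' is deliberately not matched (he says to keep it).
DC_REMOVE = re.compile(r"^(idmap config\b|(domain|local|preferred) master$|os level$)")

def audit_dc_smb_conf(text):
    """Return [(line_no, parameter)] for active [global] settings to drop on a DC."""
    findings, section, is_dc = [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or commented out
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())      # normalise case and spacing
        if key == "server role":                 # role string as used in the thread
            is_dc = value.lower() == "active directory domain controller"
        elif DC_REMOVE.match(key):
            findings.append((n, key))
    return findings if is_dc else []

def nsswitch_missing_winbind(text):
    """Return the databases among passwd/group whose line lacks 'winbind'."""
    seen = {}
    for raw in text.splitlines():
        db, sep, sources = raw.split("#", 1)[0].partition(":")
        if sep and db.strip() in ("passwd", "group"):
            seen[db.strip()] = "winbind" in sources.split()
    return [db for db in ("passwd", "group") if not seen.get(db)]

# Constructed samples: shortened smb.conf from the thread, invented nsswitch.conf.
SAMPLE_SMB_CONF = """[global]
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    idmap config *:backend = tdb
    idmap config TRUEVINE:backend = ad
    domain master = yes
    os level = 255
[sysvol]
    path = /var/lib/samba/sysvol
"""
SAMPLE_NSSWITCH = "passwd: compat winbind\ngroup:  compat\nshadow: compat\n"
if __name__ == "__main__":
    print(audit_dc_smb_conf(SAMPLE_SMB_CONF), nsswitch_missing_winbind(SAMPLE_NSSWITCH))
```

An empty list from both functions means the file matches the advice; the line numbers in the first result point at the entries to delete or comment out.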


