[Samba] Corrupted idmap...
Ryan Ashley
ryana at reachtechfp.com
Tue Jan 17 14:42:33 UTC 2017
Rowland, that opened up a whole new can of worms. I did exactly as
instructed, but when I did the "net cache flush" I got spammed with
stuff like the following, and I mean SPAMMED. Thousands of lines, way
beyond my scrollback buffer.
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
tdb(/var/lock/samba/gencache_notrans.tdb): tdb_expand overflow detected
current map_size[4294967295] size[96]!
Looks like a database has grown too large or something. Not sure as I
have no experience with TDB, only MySQL and MSSQL.
Lead IT/IS Specialist
Reach Technology FP, Inc
On 01/14/2017 11:40 AM, Rowland Penny via samba wrote:
> On Sat, 14 Jan 2017 11:17:57 -0500
> Ryan Ashley via samba <samba at lists.samba.org> wrote:
>
>> Rowland, I commented out what you asked me to, no change.
>>
>> # Global parameters
>> [global]
>> workgroup = TRUEVINE
>> realm = TRUEVINE.LAN
>> netbios name = DC01
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbi$
>> # idmap_ldb:use rfc2307 = yes
>> # idmap config *:backend = tdb
>> # idmap config *:range = 2001-10000
>> # idmap config TRUEVINE:backend = ad
>> # idmap config TRUEVINE:schema_mode = rfc2307
>> # idmap config TRUEVINE:range = 10001-20000
>> # domain master = yes
>> # local master = yes
>> # preferred master = yes
>> # os level = 255
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/truevine.lan/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Results:
>> root at dc01:~# nano -w /etc/samba/smb.conf
>> root at dc01:~# service samba4 stop
>> [ ok ] Stopping Samba AD DC daemon: samba.
>> root at dc01:~# service samba4 start
>> [ ok ] Starting Samba AD DC daemon: samba.
>> root at dc01:~# smbclient -L \\localhost -U administrator
>> Enter administrator's password:
>> session setup failed: NT_STATUS_INVALID_SID
>> root at dc01:~#
>>
>> Lead IT/IS Specialist
>> Reach Technology FP, Inc
>>
>> On 01/13/2017 01:07 PM, Rowland Penny via samba wrote:
>>> On Fri, 13 Jan 2017 12:46:27 -0500
>>> Ryan Ashley via samba <samba at lists.samba.org> wrote:
>>>
>>>> OK, I noticed that also, but why does everything return
>>>> NT_STATUS_INVALID_SID? Even if I run "smbclient -L \\localhost -U
>>>> adminnamehere" on the DC itself, I get the error. At this point we
>>>> are looking at erasing every workstation, wiping the DC, and
>>>> starting from scratch. It has been a week and not even rolling
>>>> back to 4.4 fixed it. What should my next steps be? I attached the
>>>> server configuration file for reference. Note that it has run this
>>>> way for a year without a hitch and nothing has been changed since
>>>> day 1.
>>>>
>>>> # Global parameters
>>>> [global]
>>>> workgroup = TRUEVINE
>>>> realm = TRUEVINE.LAN
>>>> netbios name = DC01
>>>> server role = active directory domain controller
>>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>>> idmap_ldb:use rfc2307 = yes
>>>> idmap config *:backend = tdb
>>>> idmap config *:range = 2001-10000
>>>> idmap config TRUEVINE:backend = ad
>>>> idmap config TRUEVINE:schema_mode = rfc2307
>>>> idmap config TRUEVINE:range = 10001-20000
>>>> domain master = yes
>>>> local master = yes
>>>> preferred master = yes
>>>> os level = 255
>>>>
>>>> [netlogon]
>>>> path = /var/lib/samba/sysvol/truevine.lan/scripts
>>>> read only = No
>>>>
>>>> [sysvol]
>>>> path = /var/lib/samba/sysvol
>>>> read only = No
>>>>
>>>
>>> Now I have seen your smb.conf, I think I can tell you why you are
>>> getting 'NT_STATUS_INVALID_SID'
>>>
>>> You have 'idmap config' lines, these do nothing on a DC, or rather
>>> they did nothing until 4.5.0, now they cause errors, so I would
>>> remove them. I would also remove the 'master' lines and the 'os'
>>> line.
>>>
>>> When 4.6.0 comes out, it is my understanding that you will not have
>>> this problem, Samba will flat out refuse to start if you have the
>>> idmap lines in smb.conf ;-)
>>>
>>> Rowland
>>>
>>>
>>
>
> Put 'idmap_ldb:use rfc2307 = yes' back, you need it, the idmap lines I
> was referring to, start with 'idmap config'
>
> Run 'net cache flush'
> Ensure the libnss_winbind links exist, the 'passwd' & 'group' lines
> in /etc/nsswitch.conf contain 'winbind' and PAM is set up correctly.
> It may also help if you restart the DC
>
> Rowland
>
>
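Added example, not part of the original thread: a small check for the advice quoted above, flagging active 'idmap config' lines and the 'master'/'os level' lines in the [global] section of a DC's smb.conf while leaving 'idmap_ldb:use rfc2307' alone. The function names are hypothetical and SAMPLE is constructed from the configuration posted in the thread.

```python
import re

# Settings the thread says to remove on a DC; 'idmap_ldb:use rfc2307' must stay.
DC_REMOVE = {"domain master", "local master", "preferred master", "os level"}
DC_ROLE = "active directory domain controller"  # value used in the posted config

# Constructed sample, abbreviated from the smb.conf posted in the thread.
SAMPLE = """\
[global]
workgroup = TRUEVINE
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
idmap config *:backend = tdb
# idmap config *:range = 2001-10000
idmap config TRUEVINE:backend = ad
os level = 255

[sysvol]
path = /var/lib/samba/sysvol
read only = No
"""

def parse_global(text):
    """Return [(lineno, name, value)] for active parameters in [global]."""
    params, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or commented-out parameter
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and extra whitespace in parameter names.
            params.append((lineno, " ".join(name.lower().split()), value.strip()))
    return params

def audit_dc_conf(text):
    """List (lineno, name) of settings to remove if this smb.conf is for a DC."""
    params = parse_global(text)
    if DC_ROLE not in [v.lower() for _, n, v in params if n == "server role"]:
        return []  # the advice in the thread applies to DCs only
    return [(ln, n) for ln, n, _ in params
            if n.startswith("idmap config ") or n in DC_REMOVE]

if __name__ == "__main__":
    for lineno, name in audit_dc_conf(SAMPLE):
        print(f"line {lineno}: remove '{name}' on an AD DC")
```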