From: Andrew Hotlab on

Please excuse my ignorance: I have been running Samba for a little time, and I've very little experience with it.

I'm running Samba 3.0.37 on FreeBSD 7.2/amd64, configured as member server of a domain whose PDC is a Samba 3.0.25b-apple (the default Samba instance running on a Mac OS X 10.5.8).

The member server is sharing a couple of folders for 5 users (most of whom are using Mac OS 10.5.8 on their clients). Here is the smb.conf (Mac Server has the IP, FreeBSD has IP

workgroup = XXXX
netbios name = BSD-SERVER
server string =
interfaces =
security = DOMAIN
auth methods = winbind
passdb backend = tdbsam
load printers = No
printcap name = /etc/printcap
disable spoolss = Yes
show add printer wizard = No
preferred master = No
local master = No
domain master = No
wins server =
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind use default domain = Yes
hide dot files = No
template homedir = /usr/local/samba/Users/%U
template shell = /bin/csh
comment = Home Directories
path = /usr/local/samba/Users
read only = No
comment = Group Folders
path = /usr/local/samba/Groups
read only = No
force security mode = 0666
force directory security mode = 0775

Every two-three months, all users are unable to access shared folders because the idmap GID range became full!!

What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)"

Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this?

Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errorsÂ… thank you all in advance!!


Hotmail: Powerful Free email with security by Microsoft.
To unsubscribe from this list go to the following URL and read the