idmap GID range became full without reason
in [Samba]
|
From: gregorcy on 10 Jun 2010 14:00 On 06/10/10 04:52, Andrew Hotlab wrote: > Every two-three months, all users are unable to access shared folders because the idmap GID range became full!! > > What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)" > > Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this? > > Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors thank you all in advance!! > > Andrew > idmap uid = 15000-20000 > idmap gid = 15000-20000 Can you just increase the range? The setting I am using is: > idmap uid = 500-100000000 > idmap gid = 500-100000000 -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Andrew Hotlab on 11 Jun 2010 11:20 On 06/10/10 04:52, Andrew Hotlab wrote: > Every two-three months, all users are unable to access shared folders because the idmap GID range became full!! > > What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)" > > Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this? > > Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors thank you all in advance!! > > Andrew > idmap uid = 15000-20000 > idmap gid = 15000-20000 Can you just increase the range? The setting I am using is: > idmap uid = 500-100000000 > idmap gid = 500-100000000 Thank you Brian. Yes, I can do it, but this will only shift the problem. I'd like to understand the the cause of this behavior and, if applicable, find the solution! :) Andrew _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: gregorcy on 11 Jun 2010 13:10 On 06/11/10 09:12, Andrew Hotlab wrote: > > On 06/10/10 04:52, Andrew Hotlab wrote: >> Every two-three months, all users are unable to access shared folders because the idmap GID range became full!! >> >> What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)" >> >> Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this? >> >> Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors thank you all in advance!! >> >> Andrew > > >> idmap uid = 15000-20000 >> idmap gid = 15000-20000 > > Can you just increase the range? The setting I am using is: > > idmap uid = 500-100000000 > idmap gid = 500-100000000 > > > > Thank you Brian. > Yes, I can do it, but this will only shift the problem. I'd like to understand the the cause of this behavior and, if applicable, find the solution! :) > > Andrew > I think the cause of the problem is your range is to small. Maybe it is different with the security type you are using, I am using ADS. -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Andrew Hotlab on 11 Jun 2010 17:40 > On 06/11/10 09:12, Andrew Hotlab wrote: > > > > On 06/10/10 04:52, Andrew Hotlab wrote: > >> Every two-three months, all users are unable to access shared folders because the idmap GID range became full!! > >> > >> What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)" > >> > >> Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this? > >> > >> Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors thank you all in advance!! > >> > >> Andrew > > > > > >> idmap uid = 15000-20000 > >> idmap gid = 15000-20000 > > > > Can you just increase the range? The setting I am using is: > > > > idmap uid = 500-100000000 > > idmap gid = 500-100000000 > > > > > > > > Thank you Brian. > > Yes, I can do it, but this will only shift the problem. I'd like to understand the the cause of this behavior and, if applicable, find the solution! :) > > > I think the cause of the problem is your range is to small. Maybe it is different with the security type you are using, > I am using ADS. Perhaps this can be helpful to understand the problem... I've just tried the same version of Samba as a member server of a Windows 2003 AD (exactly the same smb.conf): the output of the id command is "uid=15001(andrew) gid=15005(domain users) groups=15005(domain users)", and the gid number never changes, even if I mount the shared folders on Mac. I can't believe this behavior is normal: each time a user mounts a share the gid idmap increase! That would be extremely insane too, because it would make impossible to control access through group permissions! _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Gaiseric Vandal on 12 Jun 2010 17:20
Is the Mac as PDC, or a member server? What is the PDC? Idmap is not as well documented as it could be. I am using idmap with ldap backend for interdomain trusts, with both samba 3.0.x and samba 3.4.x with mixed success. But the behavior you are describing is definitely not OK. In addition to having an idmap section for the trusted domain, I also have an idmap section for "alloc" - I would check the smb.conf man page. I think the "idmap mydomain" section is supposed to help samba check existing idmap uid/gid entries and the "idmap alloc" section is supposed to keep track of the next entry to be allocated. It sounds like samba is unable to determine the existing idmap uid so creates another one. Maybe you can use the wbinfo command to manually set uid/gid's and then try to comment out the idmap entries in smb.conf to prevent future entries being added. -----Original Message----- From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On Behalf Of Andrew Hotlab Sent: Friday, June 11, 2010 5:35 PM To: samba(a)lists.samba.org Subject: Re: [Samba] idmap GID range became full without reason > On 06/11/10 09:12, Andrew Hotlab wrote: > > > > On 06/10/10 04:52, Andrew Hotlab wrote: > >> Every two-three months, all users are unable to access shared folders because the idmap GID range became full!! > >> > >> What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)" > >> > >> Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this? > >> > >> Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors thank you all in advance!! > >> > >> Andrew > > > > > >> idmap uid = 15000-20000 > >> idmap gid = 15000-20000 > > > > Can you just increase the range? The setting I am using is: > > > > idmap uid = 500-100000000 > > idmap gid = 500-100000000 > > > > > > > > Thank you Brian. > > Yes, I can do it, but this will only shift the problem. I'd like to understand the the cause of this behavior and, if applicable, find the solution! :) > > > I think the cause of the problem is your range is to small. Maybe it is different with the security type you are using, > I am using ADS. Perhaps this can be helpful to understand the problem... I've just tried the same version of Samba as a member server of a Windows 2003 AD (exactly the same smb.conf): the output of the id command is "uid=15001(andrew) gid=15005(domain users) groups=15005(domain users)", and the gid number never changes, even if I mount the shared folders on Mac. I can't believe this behavior is normal: each time a user mounts a share the gid idmap increase! That would be extremely insane too, because it would make impossible to control access through group permissions! _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |