Web lists-archives.com

Re: [Samba] GID range full!!




On Mon, 4 Dec 2017 12:13:39 +0100
"Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> 
> Twice this week I had a Domain Member Server "crash"
> 
> A week ago I saw errors like this in log.winbindd-idmap:
> 
> [2017/11/27 11:25:02.768090,  1]
> ../source3/winbindd/idmap_tdb_common.c:140(idmap_tdb_common_allocate_id)
>   Error allocating a new GID
> [2017/11/27 11:25:02.768213,  1]
> ../source3/winbindd/idmap_tdb_common.c:68(idmap_tdb_common_allocate_id_action)
>   Fatal Error: GID range full!! (max: 2999)
> 
> I increased this from 2999 to 9999:
> 
> 	idmap config arbeitsgruppe:schema_mode = rfc2307
> 	idmap config arbeitsgruppe:range = 10000-9999999
> 	idmap config arbeitsgruppe:backend = ad
> 	idmap config * : range = 2000-9999
> 	idmap config * : backend = tdb
> 
> and restarted smbd/nmbd/winbindd
> 
> Today it crashed again, but without those lines:
> 
> [2017/11/27 11:25:02.768228,  1]
> ../source3/winbindd/idmap_tdb_common.c:140(idmap_tdb_common_allocate_id)
>   Error allocating a new GID
> [2017/11/27 11:26:43.632040,  1]
> ../source3/winbindd/winbindd.c:396(winbindd_sig_hup_handler)
>   Reloading services after SIGHUP
> [2017/12/04 11:50:31.642817,  0]
> ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
>   Got sig[15] terminate (is_parent=0)
> [2017/12/04 11:51:50.973272,  0]
> ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
>   Got sig[15] terminate (is_parent=0)
> 
> Samba-4.6.11 btw
> 
> Hmm.
> 
> What does samba need >3000 IDs for, when we have around 40 users and
> maybe 15 groups in ADS there?
> 
> Can someone explain?
> 
> How to maybe clean that up, get rid of wrong ids or whatever is
> needed here?
> 

II take it that 'arbeitsgruppe' is the workgroup name, it should be
'ARBEITSGRUPPE' in the 'idmap config' lines.
The '*' range is used to store the Well Known SIDs and anything outside
the 'arbeitsgruppe' domain, 7999 IDs is more than enough for this, in
fact 999 IDs should have been enough, there are less than 200 Well
Known SIDs. 
Your 'arbeitsgruppe' domain members should fit into 9989999 IDs

I suspect that either your domain computers are not in fact domain
computers, or something is badly mis-configured.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba