Bug 6884 - Fatal Error: GID range full!!
Fatal Error: GID range full!!
Status: RESOLVED DUPLICATE of bug 6901
Product: Samba 3.4
Classification: Unclassified
Component: Winbind
3.4.2
PPC AIX
: P3 major
: ---
Assigned To: Michael Adam
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-11-10 13:36 UTC by Mike Christensen
Modified: 2009-11-20 18:29 UTC (History)
2 users (show)

See Also:


Attachments
net idmap dump output of winbindd_idmap.tdb (18.27 KB, application/octet-stream)
2009-11-11 11:15 UTC, Mike Christensen
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Christensen 2009-11-10 13:36:12 UTC
No matter how high I keep increasing the idmap gid range it always fills up.  What should I try to fix it?  Its hard to find useful info using google for this error.  Once I make a change and restart winbind and smbd the error comes back by the next day.

The server running samba is AIX 6.1.

Here's the error message in 'log.winbindd-idmap':
[2009/11/10 11:24:07,  1] winbindd/idmap_tdb.c:445(idmap_tdb_allocate_id)
 Fatal Error: GID range full!! (max: 2632269824)


Here's a copy of the global section of the smb.conf file.

[global]
workgroup = ENGINEERING
realm = ENGINEERING.LOCAL
preferred master = no
server string = cmlib file server samba version %v
security = ADS
#password server = *
password server = cm-engdc2.usca.ibm.com cm-engdc.usca.ibm.com
wins server = 9.39.32.100
netbios name = cmlib
netbios aliases = tree0 nfsdepot01 cmdepot
encrypt passwords = yes
log level = 2
log file = /var/log/samba/%m
max log size = 50
debug timestamp = yes
winbind separator = /
idmap uid = 10000000000000-20000000000000
idmap gid = 10000000000000-20000000000000
create mask = 0664
security mask = 0664
directory mask = 0775
directory security mask = 0775
force create mode = 0664
force directory mode = 0775
force group = "engusers"
time server = yes
guest account = nobody
invalid users = root,daemon,bin,sys,adm,uucp,nuucp,lpd,imnadm,ipsec,lp,snapp,invscout
Comment 1 Simo Sorce 2009-11-10 15:52:26 UTC
Unless my eyes are crossed because of all the zeros you want your ids between 10 trillions to 2 trillions, unfortunately the max size for an id is limited by the size of a 32bit integer and in general it is better to keep it within the signed range. So the maximum value should be 2147483647 (2 and some billions).
Comment 2 Mike Christensen 2009-11-10 16:54:23 UTC
You're eyes are not crossed and I really don't want the max value to be that high.  I originally started with 10000-20000, but the error keeps popping up, so I would increase the max higher and it would work for a day maybe and the error comes back.

Is there a way reclaim those gid's?
Comment 3 Simo Sorce 2009-11-11 07:49:41 UTC
You can dump the idmap cache into a file so you can inspect what's wrong.
See the net idmap command in the net man page.
Comment 4 Michael Adam 2009-11-11 08:03:10 UTC
and also the output of "net idmap dump", please
Comment 5 Mike Christensen 2009-11-11 11:15:27 UTC
Created attachment 4950 [details]
net idmap dump output of winbindd_idmap.tdb

here's the dump of winbindd_idmap.tdb
Comment 6 Michael Isaev 2009-11-17 02:48:14 UTC
The same problem on Solaris 10 (sparc platform):

# testparm -s 2>&1 | grep idmap
        idmap uid = 10000-300000000
        idmap gid = 10000-300000000

# net idmap dump winbindd_idmap.tdb
GID 10000 S-1-5-32-544
GID 287768576 S-1-5-32-545
USER HWM 10000
GID 16787217 S-1-1-0
GROUP HWM 304545793

# wbinfo -i aduser
Could not get info for user aduser

# wbinfo -n aduser
S-1-5-21-654915527-2590785792-1044136468-1296 User (1)

# net idmap dump winbindd_idmap.tdb
GID 10000 S-1-5-32-544
GID 287768576 S-1-5-32-545
USER HWM 287768576
UID 10000 S-1-5-21-654915527-2590785792-1044136468-1296
GID 16787217 S-1-1-0
GROUP HWM 304545793
Comment 7 Michael Isaev 2009-11-17 02:53:48 UTC
addition to comment #6:

# wbinfo -i aduser2
Could not get info for user aduser2

# wbinfo -n aduser2
S-1-5-21-654915527-2590785792-1044136468-1111 User (1)

# net idmap dump winbindd_idmap.tdb
GID 10000 S-1-5-32-544
GID 287768576 S-1-5-32-545
UID 287768576 S-1-5-21-654915527-2590785792-1044136468-1111
USER HWM 16787217
UID 10000 S-1-5-21-654915527-2590785792-1044136468-1296
GID 16787217 S-1-1-0
GROUP HWM 304545793
Comment 8 Michael Adam 2009-11-20 18:29:41 UTC
Michael - thanks for creating the connection to bug #6901.
This is very likely the same. Marking this as a duplicate.
I have posted patches to bug #6901 for inclusion into 3.4.4.

Mike: Could you try if these patches solve your problem?

Cheers - Michael



*** This bug has been marked as a duplicate of bug 6901 ***