No matter how high I keep increasing the idmap gid range it always fills up. What should I try to fix it? Its hard to find useful info using google for this error. Once I make a change and restart winbind and smbd the error comes back by the next day. The server running samba is AIX 6.1. Here's the error message in 'log.winbindd-idmap': [2009/11/10 11:24:07, 1] winbindd/idmap_tdb.c:445(idmap_tdb_allocate_id) Fatal Error: GID range full!! (max: 2632269824) Here's a copy of the global section of the smb.conf file. [global] workgroup = ENGINEERING realm = ENGINEERING.LOCAL preferred master = no server string = cmlib file server samba version %v security = ADS #password server = * password server = cm-engdc2.usca.ibm.com cm-engdc.usca.ibm.com wins server = 9.39.32.100 netbios name = cmlib netbios aliases = tree0 nfsdepot01 cmdepot encrypt passwords = yes log level = 2 log file = /var/log/samba/%m max log size = 50 debug timestamp = yes winbind separator = / idmap uid = 10000000000000-20000000000000 idmap gid = 10000000000000-20000000000000 create mask = 0664 security mask = 0664 directory mask = 0775 directory security mask = 0775 force create mode = 0664 force directory mode = 0775 force group = "engusers" time server = yes guest account = nobody invalid users = root,daemon,bin,sys,adm,uucp,nuucp,lpd,imnadm,ipsec,lp,snapp,invscout
Unless my eyes are crossed because of all the zeros you want your ids between 10 trillions to 2 trillions, unfortunately the max size for an id is limited by the size of a 32bit integer and in general it is better to keep it within the signed range. So the maximum value should be 2147483647 (2 and some billions).
You're eyes are not crossed and I really don't want the max value to be that high. I originally started with 10000-20000, but the error keeps popping up, so I would increase the max higher and it would work for a day maybe and the error comes back. Is there a way reclaim those gid's?
You can dump the idmap cache into a file so you can inspect what's wrong. See the net idmap command in the net man page.
and also the output of "net idmap dump", please
Created attachment 4950 [details] net idmap dump output of winbindd_idmap.tdb here's the dump of winbindd_idmap.tdb
The same problem on Solaris 10 (sparc platform): # testparm -s 2>&1 | grep idmap idmap uid = 10000-300000000 idmap gid = 10000-300000000 # net idmap dump winbindd_idmap.tdb GID 10000 S-1-5-32-544 GID 287768576 S-1-5-32-545 USER HWM 10000 GID 16787217 S-1-1-0 GROUP HWM 304545793 # wbinfo -i aduser Could not get info for user aduser # wbinfo -n aduser S-1-5-21-654915527-2590785792-1044136468-1296 User (1) # net idmap dump winbindd_idmap.tdb GID 10000 S-1-5-32-544 GID 287768576 S-1-5-32-545 USER HWM 287768576 UID 10000 S-1-5-21-654915527-2590785792-1044136468-1296 GID 16787217 S-1-1-0 GROUP HWM 304545793
addition to comment #6: # wbinfo -i aduser2 Could not get info for user aduser2 # wbinfo -n aduser2 S-1-5-21-654915527-2590785792-1044136468-1111 User (1) # net idmap dump winbindd_idmap.tdb GID 10000 S-1-5-32-544 GID 287768576 S-1-5-32-545 UID 287768576 S-1-5-21-654915527-2590785792-1044136468-1111 USER HWM 16787217 UID 10000 S-1-5-21-654915527-2590785792-1044136468-1296 GID 16787217 S-1-1-0 GROUP HWM 304545793
Michael - thanks for creating the connection to bug #6901. This is very likely the same. Marking this as a duplicate. I have posted patches to bug #6901 for inclusion into 3.4.4. Mike: Could you try if these patches solve your problem? Cheers - Michael *** This bug has been marked as a duplicate of bug 6901 ***