Is the Mac as PDC, or a member server? What is the PDC?
Idmap is not as well documented as it could be. I am using idmap with ldap backend for interdomain trusts, with both samba 3.0.x and samba 3.4.x with mixed success. But the behavior you are describing is definitely not OK. In addition to having an idmap section for the trusted domain, I also have an idmap section for "alloc" - I would check the smb.conf man page. I think the "idmap mydomain" section is supposed to help samba check existing idmap uid/gid entries and the "idmap alloc" section is supposed to keep track of the next entry to be allocated. It sounds like samba is unable to determine the existing idmap uid so creates another one. Maybe you can use the wbinfo command to manually set uid/gid's and then try to comment out the idmap entries in smb.conf to prevent future entries being added. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Hotlab Sent: Friday, June 11, 2010 5:35 PM To: [email protected] Subject: Re: [Samba] idmap GID range became full without reason > On 06/11/10 09:12, Andrew Hotlab wrote: > > > > On 06/10/10 04:52, Andrew Hotlab wrote: > >> Every two-three months, all users are unable to access shared folders because the idmap GID range became full!! > >> > >> What I noticed is that each time a user mounts a shared folder, his/her GID is incremented, and when it reaches the upper limit, the file log.winbindd-idmap became full of these errors: "nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000)" > >> > >> Can anyone kindly suggest me what is causing this behavior, or at least put me in the right direction? Can I activate some debug to obtain more info about this? > >> > >> Any help will be greatly appreciated: I convinced the customer to use Mac/BSD/Samba instead of going to Windows because I was confident it would have been a valid alternative, and it's hard to justify these errors thank you all in advance!! > >> > >> Andrew > > > > > >> idmap uid = 15000-20000 > >> idmap gid = 15000-20000 > > > > Can you just increase the range? The setting I am using is: > > > > idmap uid = 500-100000000 > > idmap gid = 500-100000000 > > > > > > > > Thank you Brian. > > Yes, I can do it, but this will only shift the problem. I'd like to understand the the cause of this behavior and, if applicable, find the solution! :) > > > I think the cause of the problem is your range is to small. Maybe it is different with the security type you are using, > I am using ADS. Perhaps this can be helpful to understand the problem... I've just tried the same version of Samba as a member server of a Windows 2003 AD (exactly the same smb.conf): the output of the id command is "uid=15001(andrew) gid=15005(domain users) groups=15005(domain users)", and the gid number never changes, even if I mount the shared folders on Mac. I can't believe this behavior is normal: each time a user mounts a share the gid idmap increase! That would be extremely insane too, because it would make impossible to control access through group permissions! _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
