I feel your pain. we are up to 1275000, but have been running idmap/ldap for many years. I have considered going to RID or full AD integration, but have organizational issues either way.
On Dec 22, 2011, at 3:50 AM, Jelle de Jong wrote: > On 19/12/11 19:10, Jelle de Jong wrote: >> On 19/12/11 11:22, Jelle de Jong wrote: >>> On 23/05/11 13:37, Jelle de Jong wrote: >>>> I got a few servers that where running stable and somehow winbindd >>>> started complaining. There were no users added or any samba related >>>> updates. Also the problems did not started on the same day one of the >>>> servers started today and on other one months ago... >>>> >>>> winbindd[14450]: [2011/05/23 13:33:13.442070, 0] >>>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) >>>> winbindd[14450]: Cannot allocate gid above 20000! >>>> >>>> # winbindd --version >>>> Version 3.5.6 >>> >>> I am still having these errors and I keep increasing the values: >>> >>> idmap uid = 10000-60500 >>> idmap gid = 10000-60500 >>> >>> I started with 20000 and I am now on 60500... >>> >>> Dec 19 11:01:15 stayce winbindd[23861]: [2011/12/19 11:01:15.569602, 0] >>> winbindd/idmap_ldap.c:472(idmap_ldap_allocate_id) >>> Dec 19 11:01:15 stayce winbindd[23861]: Cannot allocate gid above 60500! >>> >>> # winbindd --version >>> Version 3.5.6 >> >> I found the following: >> >> samba (2:3.5.8~dfsg-1) unstable; urgency=low >> * New upstream release. This fixes the following bugs: >> - Winbind leaks gids with idmap ldap backend (upstrem #7777) >> Closes: #613624 >> >> Upgraded to: >> >> # winbindd --version >> Version 3.5.11 >> >> Hopefully this will fix my issues. > > Sadly this didn't work!! A few days later the problem started again... > > stayce:~# grep "Cannot allocate gid above" /var/log/syslog > Dec 22 07:28:15 stayce winbindd[26373]: Cannot allocate gid above 61000! > Dec 22 07:28:15 stayce winbindd[26373]: Cannot allocate gid above 61000! > Dec 22 07:29:53 stayce winbindd[26373]: Cannot allocate gid above 61000! > <snip> > Dec 22 09:31:40 stayce winbindd[26373]: Cannot allocate gid above 61000! > > stayce:~# winbindd -V > Version 3.5.11 > stayce:~# smbd -V > Version 3.5.11 > stayce:~# testparm > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[documenten]" > Processing section "[homes]" > Processing section "[netlogon]" > Processing section "[profiles]" > Loaded services file OK. > Server role: ROLE_DOMAIN_PDC > Press enter to see a dump of your service definitions > > [global] > workgroup = company > netbios name = SERVER > passdb backend = ldapsam > log file = /var/log/samba/log.%m > smb ports = 445 > time server = Yes > load printers = No > printcap name = /dev/null > disable spoolss = Yes > logon script = netlogon.bat > logon path = \\%N\profiles\%U > domain logons = Yes > preferred master = Yes > domain master = Yes > dns proxy = No > ldap admin dn = cn=admin,dc=company,dc=nl > ldap delete dn = Yes > ldap group suffix = ou=groups > ldap idmap suffix = ou=idmap > ldap machine suffix = ou=computers > ldap passwd sync = yes > ldap suffix = dc=company,dc=nl > ldap ssl = no > ldap user suffix = ou=users > usershare max shares = 0 > usershare path = /srv/storage/shares > panic action = /usr/share/samba/panic-action %d > idmap backend = ldap:ldap://localhost/ > idmap alloc backend = ldap > idmap uid = 10000-61000 > idmap gid = 10000-61000 > template homedir = /srv/storage/shares/ > template shell = /bin/bash > ldapsam:trusted = yes > ldapsam:editposix = yes > idmap alloc config : ldap_url = ldap://localhost/ > idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl > idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl > printing = bsd > print command = lpr -r -P'%p' %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > > [documenten] > path = /srv/storage/shares > read only = No > inherit acls = Yes > map acl inherit = Yes > hide unreadable = Yes > store dos attributes = Yes > vfs objects = recycle > recycle:keeptree = Yes > recycle:versions = Yes > recycle:touch_mtime = Yes > > [homes] > comment = Home Directories > path = /srv/storage/samba/homes/%U > read only = No > inherit acls = Yes > map acl inherit = Yes > store dos attributes = Yes > browseable = No > root preexec = /usr/local/bin/samba-mkdir-home %U > > [netlogon] > comment = Network Logon Service > path = /srv/storage/samba/netlogon > read only = No > inherit acls = Yes > map acl inherit = Yes > store dos attributes = Yes > browseable = No > > [profiles] > comment = Users profiles > path = /srv/storage/samba/profiles > read only = No > inherit acls = Yes > profile acls = Yes > map acl inherit = Yes > store dos attributes = Yes > browseable = No > > Can somebody help me? > > Kind regards, > > Jelle de Jong > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
