Just upgraded a RedHat 4.5 system to 4.6, including Samba Version 3.0.25b-1.el4_6.2 Smbd starts, but denies all access. winbindd-idmap.log shows this error message: [2007/11/19 10:37:06, 1] nsswitch/idmap_tdb.c:idmap_tdb_allocate_id(470) Fatal Error: GID range full!! (max: 20000) Individual PC log file shows: check_ntlm_password: Authentication for user [chughes] -> [chughes] FAILED with error NT_STATUS_UNSUCCESSFUL Where to look? -- Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court UNIX System Admin Consulting | Owings Mills, MD 21117 http://www.tkevans.com/ | 443-394-3864 http://www.come-here.com/News/ | tkevans@tkevans.com
Tim Evans
2007-Nov-19 21:19 UTC
Fw: Re: [Samba] Samba Fatal Error: GID range full!! (max: 20000)
On Mon, 19 Nov 2007 12:32:39 -0600, Dale Schroeder wrote> Tim, > > My guess is that your "idmap uid =" and "idmap gid =" ranges are not > large enough. See: > http://www.linuxquestions.org/questions/linux-networking-3/samba- > problem-getent-differs-from-wbinfo-493615/I have set large, non-overlapping ranges for idmap uid and gid. Although the error messages about the GID range are no longer seen, users still cannot access their shares.> If this doesn't help you, please post your smb.confOnly changes from the working smb.conf from yesterday are the reset idmap ranges and the debug level setting. [global] workgroup = JJS-SDM netbios name = appian server string = appian hosts allow = 192.168.1. 127. log file = /var/log/samba/%m.log debug level = 5 max log size = 50 security = user encrypt passwords = no unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd :*all*authentication*tokens*updated*successfully* winbind separator = + idmap uid = 100000-300000 idmap gid = 100000-300000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes template homedir = /home/winnt/%D/%U template shell = /bin/bash socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no domain logons = no wins server = 192.168.1.250 dns proxy = no -- Tim Evans, TKEvans.com, Inc. | 5 Chestnut Court UNIX System Admin Consulting | Owings Mills, MD 21117 http://www.tkevans.com/ | 443-394-3864 http://www.come-here.com/News/ | tkevans@tkevans.com