Hi list we have some problems with our group mappings. Users of the group domainusers cannot access a share where this group has access rights. Usually to increase the upper values of the idmap range helps for some time. In the case of the error the winbindd-idmap log is full of: Fatal Error: GID range full!! (max: 300000) Someone in the samba bug reports some time ago was told to use net idmap check. I did aswell: check database: /var/lib/samba/winbindd_idmap.tdb Invalid USER HWM 12024: should be 1 Invalid GROUP HWM 300001: should be 177125 uid hwm: 0 gid hwm: 177124 mappings: 6 other: 3 invalid records: 0 missing links: 0 invalid links: 0 There is the option to repair the database by using net idmap check -r but is this save? What happens when the USER HWM is set back to 1. We are using samba 3.6.6 (debian stable backports) Output from smb.conf: # ldap settings passdb backend = ldapsam ldap suffix = dc=ourdomain,dc=de ldap admin dn = cn=samba,dc=ourdomain,dc=de ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmaps ldap ssl = no ldapsam:trusted = yes ldapsam:editposix = yes # winbind settings idmap config * : range = 12000 - 300000 Thanks for your help Sebastian