On 2017-12-04 at 13:55, Rowland Penny via samba wrote:
> On Mon, 4 Dec 2017 13:41:32 +0100
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
>> On 2017-12-04 at 13:22, Rowland Penny via samba wrote:
>>
>>> There doesn't seem to be anything really wrong with the smb.conf,
>>> unless you are running a version of Samba from 4.6.0, see here for
>>> how to set up idmap now:
>>>
>>> https://wiki.samba.org/index.php/Idmap_config_ad
>>
>> So that seems to hit it, we run 4.6.11 and still
>>
>> winbind nss info = rfc2307
>>
>> That has to be edited if I interpret correctly.
>>
>> Is that a "dangerous" change? Should it be done with no users
>> connected or with all daemons restarted after the change?
>>
>> thanks, Stefan
>>
>
> I wouldn't call it dangerous, but you will have to either reload or
> restart the samba daemons, so probably best done when no one is
> connected.

ok, will do so, thanks.

Do you think that my current mis-config leads to the GID-full-issue as described? Is there a valid explanation for this? Just curious.

On Mon, 4 Dec 2017 13:58:55 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> On 2017-12-04 at 13:55, Rowland Penny via samba wrote:
> > On Mon, 4 Dec 2017 13:41:32 +0100
> > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> >
> >> On 2017-12-04 at 13:22, Rowland Penny via samba wrote:
> >>
> >>> There doesn't seem to be anything really wrong with the smb.conf,
> >>> unless you are running a version of Samba from 4.6.0, see here for
> >>> how to set up idmap now:
> >>>
> >>> https://wiki.samba.org/index.php/Idmap_config_ad
> >>
> >> So that seems to hit it, we run 4.6.11 and still
> >>
> >> winbind nss info = rfc2307
> >>
> >> That has to be edited if I interpret correctly.
> >>
> >> Is that a "dangerous" change? Should it be done with no users
> >> connected or with all daemons restarted after the change?
> >>
> >> thanks, Stefan
> >>
> >
> > I wouldn't call it dangerous, but you will have to either reload or
> > restart the samba daemons, so probably best done when no one is
> > connected.
>
> ok, will do so, thanks.
>
> Do you think that my current mis-config leads to the GID-full-issue
> as described? Is there a valid explanation for this? Just curious.
>

Possibly, if, by using the old config, Samba is ignoring the 'idmap config DOMAIN' lines and putting everything into the '*' domain, then you may (probably would) have more than your original set up allowed.

If this fixes it, you have found another bug ;-)

It should work with the old lines.

Rowland

On 12/04/2017 02:15 PM, Rowland Penny via samba wrote:
> Possibly, if, by using the old config, Samba is ignoring the 'idmap
> config DOMAIN' lines and putting everything into the '*' domain, then
> you may (probably would) have more than your original set up allowed.
> If this fixes it, you have found another bug ;-)
> It should work with the old lines.

I now changed that parameter, edited the range down to 2000-2999 again and restarted services.

We can connect OK, fine. We test some things now.

Can I somehow check how many of those IDs are used right now? Somehow monitor if this change fixed it?

Last time it took a week to crash again, I would prefer to be able to know things earlier.
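
As an added example that is not part of the thread: one way to see how much of a range such as 2000-2999 is consumed is to summarise the output of `net idmap dump` against the configured bounds. The parsed line format, the reading of the HWM lines as "next ID to allocate", the function name `idmap_usage` and the sample dump with its SIDs are assumptions or constructed data, not taken from the posters' system.

```python
import re

# Constructed sample in the line format assumed for `net idmap dump`
# ("USER HWM n", "GROUP HWM n", "UID|GID n SID"); all SIDs are made up.
SAMPLE_DUMP = """\
USER HWM 2003
GROUP HWM 2998
UID 2000 S-1-5-21-1111111111-2222222222-3333333333-1104
UID 2001 S-1-5-21-1111111111-2222222222-3333333333-1105
UID 2002 S-1-5-21-1111111111-2222222222-3333333333-1106
GID 2000 S-1-5-32-544
GID 2001 S-1-5-32-545
GID 2997 S-1-5-21-1111111111-2222222222-3333333333-513
GID 10000 S-1-5-21-1111111111-2222222222-3333333333-512
"""

ENTRY = re.compile(r"^(UID|GID)\s+(\d+)\s+(S-[\d-]+)$")
HWM = re.compile(r"^(USER|GROUP) HWM (\d+)$")


def idmap_usage(dump_text, low, high):
    """Summarise UID and GID consumption of the idmap range [low, high]."""
    size = high - low + 1
    stats = {k: {"used": 0, "outside": 0, "hwm": None} for k in ("UID", "GID")}
    for line in dump_text.splitlines():
        line = line.strip()
        m = HWM.match(line)
        if m:
            kind = "UID" if m.group(1) == "USER" else "GID"
            stats[kind]["hwm"] = int(m.group(2))
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # blank or unrecognised line
        kind, xid = m.group(1), int(m.group(2))
        # Mappings outside the range hint at an older or different config.
        stats[kind]["used" if low <= xid <= high else "outside"] += 1
    for s in stats.values():
        # Assumption: the high-water mark is the next ID to be handed out.
        next_id = s["hwm"] if s["hwm"] is not None else low
        s["free"] = max(0, high - next_id + 1)
        s["percent_allocated"] = round(100 * (size - s["free"]) / size, 1)
    return stats


if __name__ == "__main__":
    for kind, s in idmap_usage(SAMPLE_DUMP, 2000, 2999).items():
        print(kind, s)
```

Run periodically on the captured dump text, a rising `percent_allocated` or a shrinking `free` value shows the range filling up well before allocation fails.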