Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1589: Unable to access Samba shares after tdb limit is reached

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:13 AM

Applies to: All versions of Centrify-Enabled Samba

Problem:

Unable to browse Samba shares from Windows or Mac and the below messages appear in the samba logs

[2010/04/13 13:42:49, 1] smbd/session.c:session_claim(98) session_claim: out of session IDs (max is 3000)
[2010/04/13 13:42:49, 1] smbd/password.c:register_vuid(334) Failed to claim session for vuid=101
[2010/04/13 13:42:49, 0] smbd/process.c:process_smb(1084) ERROR: Invalid message response size! 1 35

The below command tells us how many session IDs are being used.

sudo tdbtool /var/lib/samba/sessionid.tdb
tdb> info
202 records totalling 314312 bytes

When 3000 user limit is hit, you may not be able to access the samba shares any more.

Cause:

There is a hard coded session limit in stock Samba upon which Centrify-Enabled Samba is built upon.

From stock samba code :

#define MAX_SESSION_ID 3000

This session limit of 3000 is enforced only if the below parameter is defined explicitly in /etc/samba/smb.conf

utmp = yes

Note: By default this is set for NO. The MAX_SESSION_ID is only checked if utmp is true.  Here is what the man pages of smb.conf says about utmp.

This boolean parameter is only available if Samba has been configured and compiled with the option --with-utmp. If set to YES, then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share.

Due to the requirements of the utmp record, we are required to create a unique identifier for the incoming user. Enabling this option creates an n^2 algorithm to find this number. This may impede performance on large installations.

Unless there is a specific reason to have this parameter set to YES, this is recommended to be set as NO (as shown below) and restart Centrify Samba.

utmp = no

Resolution:

This an limitation with stock Samba. Centrify will not make any changes to increase this limit due to GPL V3.


 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.