Centrify DirectControl, Centrify Identity Service, Mac Edition, Centrify DirectAudit
KB-1589: Unable to access Samba shares after tdb limit is reached
Applies to: All versions of Centrify-Enabled Samba
Unable to browse Samba shares from Windows or Mac and the below messages appear in the samba logs
[2010/04/13 13:42:49, 1] smbd/session.c:session_claim(98) session_claim: out of session IDs (max is 3000) [2010/04/13 13:42:49, 1] smbd/password.c:register_vuid(334) Failed to claim session for vuid=101 [2010/04/13 13:42:49, 0] smbd/process.c:process_smb(1084) ERROR: Invalid message response size! 1 35
The below command tells us how many session IDs are being used.
sudo tdbtool /var/lib/samba/sessionid.tdb tdb> info 202 records totalling 314312 bytes
When 3000 user limit is hit, you may not be able to access the samba shares any more.
There is a hard coded session limit in stock Samba upon which Centrify-Enabled Samba is built upon.
From stock samba code :
#define MAX_SESSION_ID 3000
This session limit of 3000 is enforced only if the below parameter is defined explicitly in /etc/samba/smb.conf
utmp = yes
Note: By default this is set for NO. The MAX_SESSION_ID is only checked if utmp is true. Here is what the man pages of smb.conf says about utmp.
This boolean parameter is only available if Samba has been configured and compiled with the option --with-utmp. If set to YES, then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share.
Due to the requirements of the utmp record, we are required to create a unique identifier for the incoming user. Enabling this option creates an n^2 algorithm to find this number. This may impede performance on large installations.
Unless there is a specific reason to have this parameter set to YES, this is recommended to be set as NO (as shown below) and restart Centrify Samba.
utmp = no
This an limitation with stock Samba. Centrify will not make any changes to increase this limit due to GPL V3.