Winbind: UID/GID range full

Linux, Samba Comments

We had a problem on a storage server. One user was not able to authenticate with the Samba service using his Active Directory credentials. Furthermore I couldn’t find his user via getent passwd AD\\username. After checking several LDAP/Kerberos/PAM configuration files, I had the glorious idea to also check the logs of winbind.

[2019/01/29 14:05:16.726252,  1, pid=4467, effective(0, 0), real(0, 0)]   Fatal Error: UID range full!! (max: 60000)
[2019/01/29 14:05:16.726299,  1, pid=4467, effective(0, 0), real(0, 0)]   Error allocating a new UID
[2019/01/29 14:05:16.726339,  1, pid=4467, effective(0, 0), real(0, 0)]   no backend defined for idmap config BUILTIN
[2019/01/29 14:05:16.726903,  1, pid=4467, effective(0, 0), real(0, 0)]   Fatal Error: GID range full!! (max: 60000)
[2019/01/29 14:05:16.726948,  1, pid=4467, effective(0, 0), real(0, 0)]   Error allocating a new GID

Huh, interesting. This wasn’t a heavily used server. Neither users nor groups were even in the proximity of 60000. Accordingly increasing the idmap uid/idmap gid did not help at all.
Several hours later I found the solution in the arstechnica forum:

Long story short, stop winbind, delete winbindd_cache.tdb & winbindd_idmap.tdb from /var/cache/samba, then restart winbind. Mappings now happen right. So I can log in with domain accounts and access shares.

The provided path /var/cache/samba did not fit for the Red Hat Enterprise Linux running on this server. But finding out that winbindd_cache.tdb and winbindd_idmap.tdb are located in /var/lib/samba was no big deal after nearly 60 minutes of unnecessary debugging.

Skype Download mirror

Windows Comments

I recently read about Microsoft forcing users to update Skype Classic (aka version 7) to the new version 8 by denying an application start after updating Skype Classic to a newer version.

Skype Classic Forced update

I’m rarely using Skype at home, but I know a lot of people who do. Therefore I’m already preparing for the questions of how to circumvent this forced update. As already stated on bleepingcomputer, the only way of staying on Skype Classic is to downgrade to version For convenience I’m providing this version for donwload here:

Bleepingcomputer also provided the original MD5Sum “0ec4d8991728ded1107598c789f0ec89” of the Installer. I’d recommend checking the MSI files you download here against that sum, just to be safe.

Using Python Virtual Environments for Ansible Nodes

Ansible, Linux Comments

Did you ever need a different Python version on an Ansible Node? Or a different Python module version? I did.

The Ansible modules openssl_certificate and openssl_csr require pyOpenSSL >= 0.15. This is not the case for Red Hat Enterprise Linux 6 servers. The Python installation I wanted to use with Ansible needed to have an enabled Python SCL and an activated Python Virtual Environment (because I didn’t want to fiddle with the original SCL modules) before running its commands.

Therefore I created the small shell script python36-starter.sh:

. /opt/rh/rh-python36/enable
. /opt/python-venv/bin/activate
exec python "$@"

It’s pretty much self-explanatory. By sourcing the enable and activate files of SCL and Virtual Environment, the correct pathes for Python binaries and libraries are set. Then the “new” Python binary is executed with all arguments the script was called with.

By adding the ansible_python_interpreter configuration parameter to the according host in the inventory this script will be used by Ansible in future runs.

webcert ansible_python_interpreter=/usr/local/bin/python36-starter.sh

This small hack could be extended even further. You could export environment variables in it or do some logging or auditing stuff. But keep in mind this is a dirty hack. Do not give up the freedom and clarity Ansible provides by overextending “quick and dirty” hacks.

Subnautica: Fix 0000000e Access Violation crash

Gaming, Windows Comments

Subnautica Banner Small

Subnautica is available for free on the Epic Game Store until 27th December. It was on my radar for quite some time, so I decided to try it out. Unfortunately on my PC the game crashed before even starting properly. At least it creates crash logs. While most of those were useless to me, one part was constant in all my tries:

Read from location 0000000e caused an access violation

This seems to be an error common in many Unity Engine games, not exclusive to Subnautica. Therefore a lot of people experienced this crash issue. Most search results on the Internet recommend disabling overlays. I did that for Steam, Discord, Riva Tuner and f.lux, to no avail.

Introducing Codebites

Blog Comments

YAML CodebiteThere is very little post activity on my Blog. Creating posts is no cakewalk, additionally I often don’t see the public interest for a lot of topics. That’s why I added a new feature to the Blog today, Codebites. Codebites are intended to be more “Memo like” posts than real Blog posts. As such, they will be “low detail” creations, the default Codebites site is thusly sorted by category. Little or even no explanatory text, just copy and pastes of solutions and - perhaps - the problem in itself. I hope to put out more of these bites than my current 12 blog posts per year.
As Codebites are a drastically different approach to normal blog posts, I don’t want to bother my current RSS feed subscribers with it (side note: I don’t know if anybody is even reading my RSS feed, I didn’t bother to add any tracking). The current “default feed” will stay the same, only containing full fledged Blog posts. I created two new feeds, one for Codebites only and one containing everything.

The first (rather trivial) Codebite is already online: Ansible: Add two lists, then filter with third list

In other news: I’m aware of the oversized Google Ads, I’ll look into solving that issue in the near future.