LDAP and RID ranges

Joachim Kupke joachim at kupke.za.net
Thu Jul 22 11:51:28 GMT 1999 

Hi folks.

After having migrated from smbpasswd file based user database for Samba
to an LDAP based one, I am delighted about speed and reliability of this
new NT login solution here.

I found that I should have backed up the RIDs of all users that had
previously already been stored in the smbpasswd file since neither NT
locally stored data (which had no importance, actually) nor server-side
stored profiles (which is important) could be accessed through newly-
assigned RIDs. -- OK, I could have thought of that, but it's actually
working very fine now. :)

One thing is making my head ache, however: 'smbpasswd -a' adds new LDAP
entries, just as it should, missing a few attributes (such as
pwdMustChange), but these can easily be appended by ldapmodify. Actually,
smbpasswd is needed only for calculating the two password hashes and --
and that's the point -- the rids.

Now, I added a few users which resulted in rids being assigned in the
range from 4df to 57b (continously). Originally, some 3??-rids had been
assigned, too; that was before I manually corrected those to the values
the specified users had originally been assigned to. Most curiously,
some things won't work with the auto-assigned rids, most noticeably
VNC, which is installed as a service here. When logging in, it complains

"nddeagnt.exe - DLL initialization failed:
Initializing DLL 'c:\Program Files\ORL\VNC\VNCHooks.dll' failed. Process
won't be quitted normally." (Everything's in German here, I hope the
translation is accurate.)

This happens exactly as long as the user I'm trying this with has the rid
53d. When I delete all the profile data and change the rid to 153d,
everything is working fine.

Is there a special meaning associated to the RID range so that such
phenomena might occur?!


Sincerely,
Joachim Kupke

--
                                           \\\|///
                                         \\  - -  //
                                          (  @ @  )
+-----------------------------+---------oOOo-(_)-oOOo-----------------+
| Joachim Kupke               | Das Sein zum Tode ist eminent viru-   |
|                             | lent; sowohl im kontingenten als auch |
| mailto:joachim at kupke.za.net | im abstrakt ontischen Bereich.        |
| http://www.kupke.za.net/    | (BTW: The end of MS is near...)       |
+-----------------------------+-----------------Oooo------------------+
                                        oooO   (   )
                                       (   )    ) /
                                        \ (    (_/
                                         \_)

More information about the samba-ntdom mailing list