[Samba] algorithmic rid base problem after upgrade to 3.0.9
Andrew Bartlett
abartlet at samba.org
Thu Nov 25 11:07:25 GMT 2004
On Fri, 2004-11-19 at 18:45 +0100, Wim Bakker wrote:
> LS.
>
> After upgrading from samba 3.0.7 to samba-3.0.9
> it appears that algorithmic rid base is now checked
> to be larger then 1000 .
> Because of this I get the follwoing error when trying to log in:
>
> [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<DOMAIN>))]
> [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693)
> smbldap_open_connection: connection opened
> [2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004)
> The value of 'algorithmic RID base' has changed since the LDAP
> database was initialised. Aborting.
> [2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674)
> pdb backend ldapsam:ldap://localhost did not correctly init (error was
> NT_STATUS_UNSUCCESSFUL)
> [2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
> Loading ldapsam:ldap://localhost failed!
> [2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571)
> Closing connections
>
> and logging in as a domain user is no longer possible. I reverted to 3.0.7 and
> could log in again.
> All my servers use algorithmic rid base
> of 400. As it was never clear to me from any documentation that
> it should be greater than 1000 (it only states "is normally 1000 or greater"
> in the docs), I choose 400.
Unfortunately, you have created a very nasty situation for yourself.
The value of the calculated RIDS *must* not collide with the well-known
rids in the range 500-600 (I don't think they go higher than that). The
intention was to allow the algorithmic RIDs to be pushed even higher,
certainly not below 1000.
If at all possible, I would reconfigure your site back to a standard RID
mapping, perhaps manually keeping important existing user RIDs as is.
(That should work, if all the important users/groups have samba
attributes in LDAP).
Andrew Bartlett
--
Andrew Bartlett <abartlet at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041125/1701d1c1/attachment.bin
More information about the samba
mailing list