[Samba] algorithmic rid base problem after upgrade to 3.0.9

Andrew Bartlett abartlet at samba.org
Thu Nov 25 11:07:25 GMT 2004


On Fri, 2004-11-19 at 18:45 +0100, Wim Bakker wrote:
> LS.
> 
> After upgrading from samba 3.0.7 to samba-3.0.9
> it appears that algorithmic rid base is now checked
> to be larger than 1000.
> Because of this I get the following error when trying to log in:
> 
> [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
>   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<DOMAIN>))]
> [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693)
>   smbldap_open_connection: connection opened
> [2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004)
>   The value of 'algorithmic RID base' has changed since the LDAP
>   database was initialised.  Aborting.
> [2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674)
>   pdb backend ldapsam:ldap://localhost did not correctly init (error was 
> NT_STATUS_UNSUCCESSFUL)
> [2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
>   Loading ldapsam:ldap://localhost failed!
> [2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571)
>   Closing connections
> 
> and logging in as a domain user is no longer possible. I reverted to 3.0.7 and 
> could log in again.
> All my servers use algorithmic rid base
> of 400. As it was never clear to me from any documentation that
> it should be greater than 1000 (it only states "is normally 1000 or greater" 
> in the docs), I chose 400.

Unfortunately, you have created a very nasty situation for yourself.
The value of the calculated RIDs *must* not collide with the well-known
RIDs in the range 500-600 (I don't think they go higher than that).  The
intention was to allow the algorithmic RIDs to be pushed even higher,
certainly not below 1000.

If at all possible, I would reconfigure your site back to a standard RID
mapping, perhaps manually keeping important existing user RIDs as is.
(That should work, if all the important users/groups have samba
attributes in LDAP).

Andrew Bartlett

-- 
Andrew Bartlett <abartlet at samba.org>
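
The collision described in the reply above, as an added example that is not part of the original message and is not Samba code: it checks Unix accounts against the well-known RID range for a given algorithmic RID base. It assumes the Samba 3.0 algorithmic mapping (user RID = 2*uid + base, group RID = 2*gid + base + 1, with an even base); the account entries are constructed.

```python
# Added example, not Samba code. Assumes Samba 3.0's algorithmic mapping:
# user RID = 2*uid + base, group RID = 2*gid + base + 1 (base is even).

WELL_KNOWN_RANGE = range(500, 601)   # range quoted in the message above
WELL_KNOWN_NAMES = {                 # standard Windows domain RIDs
    500: "Administrator", 501: "Guest",
    512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests",
}

def user_rid(uid, base):
    return 2 * uid + base

def group_rid(gid, base):
    return 2 * gid + base + 1

def collisions(passwd_lines, group_lines, base):
    """Return (kind, name, unix_id, rid, well_known_name) for each colliding account."""
    hits = []
    for kind, lines, to_rid in (("user", passwd_lines, user_rid),
                                ("group", group_lines, group_rid)):
        for line in lines:
            fields = line.strip().split(":")
            if len(fields) < 3 or not fields[2].isdigit():
                continue  # skip comments and malformed entries
            unix_id = int(fields[2])
            rid = to_rid(unix_id, base)
            if rid in WELL_KNOWN_RANGE:
                hits.append((kind, fields[0], unix_id, rid,
                             WELL_KNOWN_NAMES.get(rid, "reserved range")))
    return hits

# Constructed sample entries in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/sh",
    "uucp:x:50:50::/var/spool/uucp:/bin/false",
    "backup:x:56:56::/var/backups:/bin/false",
    "alice:x:1001:1001::/home/alice:/bin/sh",
]
SAMPLE_GROUP = ["root:x:0:", "uucp:x:50:", "backup:x:56:", "staff:x:1001:"]

if __name__ == "__main__":
    for base in (400, 1000):
        print(f"algorithmic rid base = {base}")
        for hit in collisions(SAMPLE_PASSWD, SAMPLE_GROUP, base):
            print("  %s %s (id %d) -> RID %d (%s)" % hit)
```

With a base of 400, the constructed uid 50 and uid 56 accounts map onto the RIDs of Administrator and Domain Admins; with a base of 1000 no Unix id can reach the 500-600 range.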