Re: [Samba] algorithmic rid base problem after upgrade to 3.0.9

[Andrew Bartlett]

On Fri, 2004-11-19 at 18:45 +0100, Wim Bakker wrote:
> LS.
> 
> After upgrading from samba 3.0.7 to samba-3.0.9
> it appears that algorithmic rid base is now checked
> to be larger then 1000 . 
> Because of this I get the follwoing error when trying to log in:
> 
> [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
>   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=))]
> [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693)
>   smbldap_open_connection: connection opened
> [2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004)
>   The value of 'algorithmic RID base' has changed since the LDAP
>   database was initialised.  Aborting.
> [2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674)
>   pdb backend ldapsam:ldap://localhost did not correctly init (error was 
> NT_STATUS_UNSUCCESSFUL)
> [2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
>   Loading ldapsam:ldap://localhost failed!
> [2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571)
>   Closing connections
> 
> and logging in as a domain user is no longer possible. I reverted to 3.0.7 
> and 
> could log in again.
> All my servers use algorithmic rid base
> of 400. As it was never clear to me from any documentation that
> it should be greater than 1000 (it only states "is normally 1000 or greater" 
> in the docs), I choose 400.

Unfortunately, you have created a very nasty situation for yourself.
The value of the calculated RIDS *must* not collide with the well-known
rids in the range 500-600 (I don't think they go higher than that).  The
intention was to allow the algorithmic RIDs to be pushed even higher,
certainly not below 1000.

If at all possible, I would reconfigure your site back to a standard RID
mapping, perhaps manually keeping important existing user RIDs as is.
(That should work, if all the important users/groups have samba
attributes in LDAP).

Andrew Bartlett

-- 
Andrew Bartlett <[EMAIL PROTECTED]>


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] algorithmic rid base problem after upgrade to 3.0.9

[Wim Bakker]

LS.

After upgrading from samba 3.0.7 to samba-3.0.9
it appears that algorithmic rid base is now checked
to be larger then 1000 . 
Because of this I get the follwoing error when trying to log in:

[2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=))]
[2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693)
  smbldap_open_connection: connection opened
[2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004)
  The value of 'algorithmic RID base' has changed since the LDAP
  database was initialised.  Aborting.
[2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674)
  pdb backend ldapsam:ldap://localhost did not correctly init (error was 
NT_STATUS_UNSUCCESSFUL)
[2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
  Loading ldapsam:ldap://localhost failed!
[2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571)
  Closing connections

and logging in as a domain user is no longer possible. I reverted to 3.0.7 and 
could log in again.
All my servers use algorithmic rid base
of 400. As it was never clear to me from any documentation that
it should be greater than 1000 (it only states "is normally 1000 or greater" 
in the docs), I choose 400.
Where in the source can I change this hard check of the algorithmic
rid base to also get it working with my rid base , because I am stuck
to 3.0.7 now for appx. 30 samba servers , which I would like to upgrade.

TIA

Wim Bakker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba