On Fri, 2004-11-19 at 18:45 +0100, Wim Bakker wrote: > LS. > > After upgrading from samba 3.0.7 to samba-3.0.9 > it appears that algorithmic rid base is now checked > to be larger then 1000 . > Because of this I get the follwoing error when trying to log in: > > [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374) > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<DOMAIN>))] > [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693) > smbldap_open_connection: connection opened > [2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004) > The value of 'algorithmic RID base' has changed since the LDAP > database was initialised. Aborting. > [2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674) > pdb backend ldapsam:ldap://localhost did not correctly init (error was > NT_STATUS_UNSUCCESSFUL) > [2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765) > Loading ldapsam:ldap://localhost failed! > [2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571) > Closing connections > > and logging in as a domain user is no longer possible. I reverted to 3.0.7 > and > could log in again. > All my servers use algorithmic rid base > of 400. As it was never clear to me from any documentation that > it should be greater than 1000 (it only states "is normally 1000 or greater" > in the docs), I choose 400.
Unfortunately, you have created a very nasty situation for yourself. The value of the calculated RIDS *must* not collide with the well-known rids in the range 500-600 (I don't think they go higher than that). The intention was to allow the algorithmic RIDs to be pushed even higher, certainly not below 1000. If at all possible, I would reconfigure your site back to a standard RID mapping, perhaps manually keeping important existing user RIDs as is. (That should work, if all the important users/groups have samba attributes in LDAP). Andrew Bartlett -- Andrew Bartlett <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
