Wim Bakker
2004-Nov-19 17:45 UTC
[Samba] algorithmic rid base problem after upgrade to 3.0.9
LS. After upgrading from samba 3.0.7 to samba-3.0.9 it appears that algorithmic rid base is now checked to be larger then 1000 . Because of this I get the follwoing error when trying to log in: [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<DOMAIN>))] [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693) smbldap_open_connection: connection opened [2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004) The value of 'algorithmic RID base' has changed since the LDAP database was initialised. Aborting. [2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674) pdb backend ldapsam:ldap://localhost did not correctly init (error was NT_STATUS_UNSUCCESSFUL) [2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765) Loading ldapsam:ldap://localhost failed! [2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571) Closing connections and logging in as a domain user is no longer possible. I reverted to 3.0.7 and could log in again. All my servers use algorithmic rid base of 400. As it was never clear to me from any documentation that it should be greater than 1000 (it only states "is normally 1000 or greater" in the docs), I choose 400. Where in the source can I change this hard check of the algorithmic rid base to also get it working with my rid base , because I am stuck to 3.0.7 now for appx. 30 samba servers , which I would like to upgrade. TIA Wim Bakker
Andrew Bartlett
2004-Nov-25 11:07 UTC
[Samba] algorithmic rid base problem after upgrade to 3.0.9
On Fri, 2004-11-19 at 18:45 +0100, Wim Bakker wrote:> LS. > > After upgrading from samba 3.0.7 to samba-3.0.9 > it appears that algorithmic rid base is now checked > to be larger then 1000 . > Because of this I get the follwoing error when trying to log in: > > [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_search_domain_info(1374) > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=<DOMAIN>))] > [2004/11/19 18:26:50, 2] lib/smbldap.c:smbldap_open_connection(693) > smbldap_open_connection: connection opened > [2004/11/19 18:26:50, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(3004) > The value of 'algorithmic RID base' has changed since the LDAP > database was initialised. Aborting. > [2004/11/19 18:26:50, 0] passdb/pdb_interface.c:make_pdb_methods_name(674) > pdb backend ldapsam:ldap://localhost did not correctly init (error was > NT_STATUS_UNSUCCESSFUL) > [2004/11/19 18:26:50, 1] passdb/pdb_interface.c:make_pdb_context_list(765) > Loading ldapsam:ldap://localhost failed! > [2004/11/19 18:33:57, 2] smbd/server.c:exit_server(571) > Closing connections > > and logging in as a domain user is no longer possible. I reverted to 3.0.7 and > could log in again. > All my servers use algorithmic rid base > of 400. As it was never clear to me from any documentation that > it should be greater than 1000 (it only states "is normally 1000 or greater" > in the docs), I choose 400.Unfortunately, you have created a very nasty situation for yourself. The value of the calculated RIDS *must* not collide with the well-known rids in the range 500-600 (I don't think they go higher than that). The intention was to allow the algorithmic RIDs to be pushed even higher, certainly not below 1000. If at all possible, I would reconfigure your site back to a standard RID mapping, perhaps manually keeping important existing user RIDs as is. (That should work, if all the important users/groups have samba attributes in LDAP). Andrew Bartlett -- Andrew Bartlett <abartlet@samba.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20041125/1701d1c1/attachment.bin