diff options
-rw-r--r-- | source3/passdb/passdb.c | 8 | ||||
-rw-r--r-- | source3/utils/testparm.c | 6 |
2 files changed, 9 insertions, 5 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index adc5eb8478..4ce5b93abd 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -509,9 +509,11 @@ static int algorithmic_rid_base(void) rid_offset = lp_algorithmic_rid_base(); - if (rid_offset < 1000) { - DEBUG(0, ("algorithmic rid base must be above 1000\n")); - rid_offset = 1000; + if (rid_offset < BASE_RID) { + /* Try to prevent admin foot-shooting, we can't put algorithmic + rids below 1000, that's the 'well known RIDs' on NT */ + DEBUG(0, ("'algorithmic rid base' must be equal to or above %ld\n", BASE_RID)); + rid_offset = BASE_RID; } if (rid_offset & 1) { DEBUG(0, ("algorithmic rid base must be even\n")); diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c index f2636fdafb..c92692fda2 100644 --- a/source3/utils/testparm.c +++ b/source3/utils/testparm.c @@ -168,8 +168,10 @@ via the %%o substitution. With encrypted passwords this is not possible.\n", lp_ printf("'winbind separator = +' might cause problems with group membership.\n"); } - if (lp_algorithmic_rid_base() < 1000) { - printf("'algorithmic rid base' must be equal or above 1000.\n"); + if (lp_algorithmic_rid_base() < BASE_RID) { + /* Try to prevent admin foot-shooting, we can't put algorithmic + rids below 1000, that's the 'well known RIDs' on NT */ + printf("'algorithmic rid base' must be equal to or above %lu\n", BASE_RID); } if (lp_algorithmic_rid_base() & 1) { |