[Samba] user name and computer name are the same
Rowland Penny
rowlandpenny at googlemail.com
Fri Nov 28 07:53:16 MST 2014
On 28/11/14 14:03, Allen Chen wrote:
> On 11/27/2014 5:10 PM, Rowland Penny wrote:
>> On 27/11/14 21:58, Allen Chen wrote:
>>> Hi there,
>>>
>>> I have two Samba 4.1.13 AD DC up and running. Everything is working
>>> fine.
>>> But today I found something weird with samba-tool. I couldn't
>>> add/remove one
>>> particular user from group "Domain Admins"(not test with other groups).
>>>
>>> The user name is "safeacc', and also I noticed that there is a
>>> computer called "safeacc".
>>> The following command runs successfully without err:
>>> # /usr/local/samba/bin/samba-tool group removemembers "Domain
>>> Admins" safeacc
>>>
>>> check with this command, "memberOf" is removed from the user
>>> safeacc: good
>>> # /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb
>>> cn=safeacc
>>>
>>> but it still shows up from here:
>>> # /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb
>>> cn="Domain Admins"
>>> But I can remove it from ADUC.
>>>
>>> Is it allowed for a user and a computer have the same?
>>> Or is it a bug with samba-tool?
>>>
>>>
>>> Thanks,
>>> Allen
>>>
>>>
>>
>> You shouldn't use a computer name for a username, see here:
>> http://support.microsoft.com/kb/310845
>>
>> What is more interesting, just how did you create a user and computer
>> with the same name?
>>
>> Rowland
> Thank you Rowland for link. That helps.
> That name exists in the samba3+ldap backend, and I did classicupgrade
> to samba4 AD DC. So it exists in AD DC database.
> The classicupgrade went through without any issues.
>
> Thanks,
> Allen
>
Then you have found another bug in classicupgrade, care to create a bug
report ?
Rowland
More information about the samba
mailing list