[Samba] user name and computer name are the same

Allen Chen achen at harbourfrontcentre.com
Fri Nov 28 09:50:08 MST 2014


On 11/28/2014 9:53 AM, Rowland Penny wrote:
> On 28/11/14 14:03, Allen Chen wrote:
>> On 11/27/2014 5:10 PM, Rowland Penny wrote:
>>> On 27/11/14 21:58, Allen Chen wrote:
>>>> Hi there,
>>>>
>>>> I have two Samba 4.1.13 AD DC up and running. Everything is working 
>>>> fine.
>>>> But today I found something weird with samba-tool. I couldn't 
>>>> add/remove one
>>>> particular user from group "Domain Admins"(not test with other 
>>>> groups).
>>>>
>>>> The user name is "safeacc', and also I noticed that there is a 
>>>> computer called "safeacc".
>>>> The following command runs successfully without err:
>>>> # /usr/local/samba/bin/samba-tool group removemembers "Domain 
>>>> Admins" safeacc
>>>>
>>>> check with this command, "memberOf" is removed from the user 
>>>> safeacc: good
>>>> # /usr/local/samba/bin/ldbsearch -H 
>>>> /usr/local/samba/private/sam.ldb cn=safeacc
>>>>
>>>> but it still shows up from here:
>>>> # /usr/local/samba/bin/ldbsearch -H 
>>>> /usr/local/samba/private/sam.ldb cn="Domain Admins"
>>>> But I can remove it from ADUC.
>>>>
>>>> Is it allowed for a user and a computer have the same?
>>>> Or is it a bug with samba-tool?
>>>>
>>>>
>>>> Thanks,
>>>> Allen
>>>>
>>>>
>>>
>>> You shouldn't use a computer name for a username, see here: 
>>> http://support.microsoft.com/kb/310845
>>>
>>> What is more interesting, just how did you create a user and 
>>> computer with the same name?
>>>
>>> Rowland
>> Thank you Rowland for link. That helps.
>> That name exists in the samba3+ldap backend, and I did classicupgrade 
>> to samba4 AD DC. So it exists in AD DC database.
>> The classicupgrade went through without any issues.
>>
>> Thanks,
>> Allen
>>
> Then you have found another bug in classicupgrade, care to create a 
> bug report ?
>
> Rowland
>
But samba-tool allows to add a user with the same name of a computer.
I tested in the test environment(Samba 4.1.13):
There is a computer called "win", then I successfully added a user "win":
# /usr/local/samba/bin/samba-tool user add win "winpass"
and
# /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb cn=win
outputs two records:
# record 1
dn: CN=win,CN=Computers,DC=hftnet,DC=local
.......
# record 2
dn: CN=win,CN=Users,DC=hftnet,DC=local
.....

So there are two questions here:
1. classicupgrade prints out some kind of info or stops to upgrade when 
a user name matches a computer name
2. samba-tool prints out a message and refuses to add a user if it's 
name matches a computer name

Thanks,
Allen



 


More information about the samba mailing list