[Samba] user name and computer name are the same

Rowland Penny rowlandpenny at googlemail.com
Fri Nov 28 09:59:39 MST 2014 

On 28/11/14 16:50, Allen Chen wrote:
> On 11/28/2014 9:53 AM, Rowland Penny wrote:
>> On 28/11/14 14:03, Allen Chen wrote:
>>> On 11/27/2014 5:10 PM, Rowland Penny wrote:
>>>> On 27/11/14 21:58, Allen Chen wrote:
>>>>> Hi there,
>>>>>
>>>>> I have two Samba 4.1.13 AD DC up and running. Everything is 
>>>>> working fine.
>>>>> But today I found something weird with samba-tool. I couldn't 
>>>>> add/remove one
>>>>> particular user from group "Domain Admins"(not test with other 
>>>>> groups).
>>>>>
>>>>> The user name is "safeacc', and also I noticed that there is a 
>>>>> computer called "safeacc".
>>>>> The following command runs successfully without err:
>>>>> # /usr/local/samba/bin/samba-tool group removemembers "Domain 
>>>>> Admins" safeacc
>>>>>
>>>>> check with this command, "memberOf" is removed from the user 
>>>>> safeacc: good
>>>>> # /usr/local/samba/bin/ldbsearch -H 
>>>>> /usr/local/samba/private/sam.ldb cn=safeacc
>>>>>
>>>>> but it still shows up from here:
>>>>> # /usr/local/samba/bin/ldbsearch -H 
>>>>> /usr/local/samba/private/sam.ldb cn="Domain Admins"
>>>>> But I can remove it from ADUC.
>>>>>
>>>>> Is it allowed for a user and a computer have the same?
>>>>> Or is it a bug with samba-tool?
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Allen
>>>>>
>>>>>
>>>>
>>>> You shouldn't use a computer name for a username, see here: 
>>>> http://support.microsoft.com/kb/310845
>>>>
>>>> What is more interesting, just how did you create a user and 
>>>> computer with the same name?
>>>>
>>>> Rowland
>>> Thank you Rowland for link. That helps.
>>> That name exists in the samba3+ldap backend, and I did 
>>> classicupgrade to samba4 AD DC. So it exists in AD DC database.
>>> The classicupgrade went through without any issues.
>>>
>>> Thanks,
>>> Allen
>>>
>> Then you have found another bug in classicupgrade, care to create a 
>> bug report ?
>>
>> Rowland
>>
> But samba-tool allows to add a user with the same name of a computer.
> I tested in the test environment(Samba 4.1.13):
> There is a computer called "win", then I successfully added a user "win":
> # /usr/local/samba/bin/samba-tool user add win "winpass"
> and
> # /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb 
> cn=win
> outputs two records:
> # record 1
> dn: CN=win,CN=Computers,DC=hftnet,DC=local
> .......
> # record 2
> dn: CN=win,CN=Users,DC=hftnet,DC=local
> .....
>
> So there are two questions here:
> 1. classicupgrade prints out some kind of info or stops to upgrade 
> when a user name matches a computer name
> 2. samba-tool prints out a message and refuses to add a user if it's 
> name matches a computer name
>
> Thanks,
> Allen
>
>
>
>
OK, There you go, you have now found another bug in samba-tool, two bug 
reports ?

Rowland

More information about the samba mailing list