[Samba] Password changes and syncing passwords with Linux accounts

Rowland penny rpenny at samba.org
Tue Feb 16 16:49:24 UTC 2016

On 16/02/16 16:29, Chris Hastie wrote:
> On 16/02/16 16:01, Rowland penny wrote:
>> Do you have the ldb-tools package installed on the DC ? if not can 
>> you install it, then run this command:
>>  ldbsearch -H /var/lib/samba/private/sam.ldb 
>> '(&(objectclass=user)(samaccountname=*))' | grep chris
>> Can you post the results. 
> Here you go, without any changes to generic names (ie I've kept my 
> actual domain name of NUMBER37 instead of changing it to MYDOMAIN):
> dn: CN=NUMBER37chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk
> cn: NUMBER37chris
> name: NUMBER37chris
> sAMAccountName: NUMBER37\chris
> distinguishedName: 
> CN=NUMBER37chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk
> dn: CN=chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk
> cn: chris
> name: chris
> sAMAccountName: chris
> unixHomeDirectory: /home/chris
> distinguishedName: CN=chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk

OK, so you do have two users, why I do not know, I would suggest you 
delete the user NUMBER37chris with:

samba-tool user delete NUMBER37chris

You need to run this on the DC

If you run 'getent passwd chris' on a DC it normally will show the user 
as 'DOMAIN\username....', but on a domain member you can get just the 
username by adding 'winbind use default domain = yes' to smb.conf, this 
will also work on a 4.2.x DC.

If you have any lines in smb.conf for creating users & groups, I would 
suggest you remove them.


More information about the samba mailing list