[Samba] Winbind / Samba auth problem after username change

Rowland Penny rpenny at samba.org
Tue Sep 6 08:30:52 UTC 2016

On Tue, 6 Sep 2016 08:17:12 +0000
Julian Zielke via samba <samba at lists.samba.org> wrote:

> Hi,
> before we switched to SSSD we've been implementing the ssh
> authentication method via Domain using winbind+samba. Version
> installed on our machines is (still) 2:4.1.6+dfsg-1ubuntu2.14.04.13.
> So far everything has been working fine, however after we had to
> change a user's logon name in the domain he can't login anymore.
> auth.log shows still his old username followed by "from <IP> not
> allowed because none of user's groups are listed in AllowGroups". I
> searched several websites for a solution but only found
> recommendations on deleting the winbind cache at /var/lib/samba.
> However this didn't fix the problem. When I do a grep using getent
> passwd on the users NEW name, it shows up. So actually the domain
> controllers is delivering the correct username.
> Is this a known bug in version 4.1.6 or can I solve this any other
> way without running a package upgrade on a production machine?
> Cheers
> Julian

How did you change the users logon name ?
Have you checked the users object in AD ?


More information about the samba mailing list