[Samba] Winbind / Samba auth problem after username change

mathias dufresne infractory at gmail.com
Tue Sep 6 09:04:43 UTC 2016

My bad, it seems to be an ssh configuration:

2016-09-06 10:46 GMT+02:00 Julian Zielke via samba <samba at lists.samba.org>:

> Hi Rowland,
> we're using the Windows mmc for administrating samba sernet DCs running
> samba-sernet-ad 4.2.11-9.
> 4 Domain controllers are present. Primary DC replicates to a second in our
> local office and to 2 others in a vpn connected network.
> Changes are made on our primary dc always. DC 3 and 4 and the primary and
> secondary DC responsible for ssh authentication on our linux boxes
> having the problem.
> Cheers,
> Julian
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland
> Penny via samba
> Sent: Tuesday, 6 September 2016 10:31
> To: samba at lists.samba.org
> Subject: Re: [Samba] Winbind / Samba auth problem after username change
> On Tue, 6 Sep 2016 08:17:12 +0000
> Julian Zielke via samba <samba at lists.samba.org> wrote:
> > Hi,
> >
> > before we switched to SSSD we've been implementing the ssh
> > authentication method via Domain using winbind+samba. Version
> > installed on our machines is (still) 2:4.1.6+dfsg-1ubuntu2.14.04.13.
> > So far everything has been working fine, however after we had to
> > change a user's logon name in the domain he can't login anymore.
> > auth.log shows still his old username followed by "from <IP> not
> > allowed because none of user's groups are listed in AllowGroups". I
> > searched several websites for a solution but only found
> > recommendations on deleting the winbind cache at /var/lib/samba.
> > However, this didn't fix the problem. When I do a grep using getent
> > passwd on the user's NEW name, it shows up. So actually the domain
> > controllers is delivering the correct username.
> >
> > Is this a known bug in version 4.1.6 or can I solve this any other way
> > without running a package upgrade on a production machine?
> >
> > Cheers
> > Julian
> >
> How did you change the user's logon name?
> Have you checked the user's object in AD?
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> Important Note: The information contained in this e-mail is confidential.
> It is intended solely for the addressee. Access to this e-mail by anyone
> else is unauthorized. If you are not the intended recipient, any form of
> disclosure, reproduction, distribution or any action taken or refrained
> from in reliance on it, is prohibited and may be unlawful. Please notify
> the sender immediately. We also would like to inform you that communication
> via e-mail over the internet is insecure because third parties may have the
> possibility to access and manipulate e-mails.
