[Samba] Winbind / Samba auth problem after username change

Julian Zielke jzielke at next-level-integration.com
Tue Sep 6 11:41:59 UTC 2016


OK I think I got some more information for you guys. I just did “getent passwd <NEWusername>” and got:
<OLD username>:*:<ID>:<ID2>::/home/…/<OLD username>:/bin/bash.

When I do “su - <NEW username>” I get a valid shell with notification “No directory, logging in with HOME=/”.
When I do the same with the OLD username I get “No passwd entry for user '<OLD username>'”.

It’s like the new name is the only valid one but still has a hardlink to the old one… really weird…


Von: mathias dufresne [mailto:infractory at gmail.com]
Gesendet: Dienstag, 6. September 2016 13:30
An: Rowland Penny <rpenny at samba.org>
Cc: samba <samba at lists.samba.org>; Julian Zielke <jzielke at next-level-integration.com>
Betreff: Re: [Samba] Winbind / Samba auth problem after username change

Hum...
All users are OK except the one(s) you changed there names. No other modification in configuration, all others users are working well.
Is that true?
This broken user is correctly shown using "getent passwd <NEW username>"?
Is that true?

Can you use that user on system side, I would try, as root, "su - <NEW username>". This last test is to verify all is well configured about that user with new name. If it complains about missing home directory or anything else, that could be the cause SSH refuse to let that user connect on the system.



2016-09-06 11:36 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org<mailto:samba at lists.samba.org>>:
On Tue, 6 Sep 2016 09:15:09 +0000
Julian Zielke via samba <samba at lists.samba.org<mailto:samba at lists.samba.org>> wrote:

> Hi Mathias,
>
> thanks for your advice on how to use getent. However you’re
> mentioning SSSD which is working fine. I was referring to it because
> we changed to that method lately but the server having the problem is
> NOT using this new method but the old winbind+samba combination.
>
> Sorry it it was confusing.
>
> Cheers,
> Julian

If you are using a fairly recent version of sssd, you are using a
version of a Samba winbind lib, so just changing to sssd shouldn't give
problems.

First and foremost, all your users & groups are stored in AD as windows
users & groups i.e. they have a SID-RID
So if you change a login name, it shouldn't affect anything else, so
when I asked how you changed the login name, perhaps I should have
asked, what did you change ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Wichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass die Kommunikation per E-Mail über das Internet unsicher ist, da für unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme und Manipulation besteht

Important Note: The information contained in this e-mail is confidential. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. We also would like to inform you that communication via e-mail over the internet is insecure because third parties may have the possibility to access and manipulate e-mails.


More information about the samba mailing list