[Samba] Winbind / Samba auth problem after username change
L.P.H. van Belle
belle at bazuin.nl
Wed Sep 7 14:02:42 UTC 2016
I would suggest:

Stop samba and winbind.

Back up:
    /etc/krb5.keytab
    /var/lib/samba
    /var/cache/samba

Remove everything in:
    /var/lib/samba
    /var/cache/samba

And remove:
    /etc/krb5.keytab

Put in this config (from Rowland's suggestion):

Can you try this smb.conf:

[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.local
    netbios name = vmu09tcse01
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    server string = Samba AD Client Version %v
    security = ads
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind refresh tickets = Yes
    template shell = /bin/bash
    domain master = no
    local master = no
    preferred master = no

    # Default idmap config used for BUILTIN and local windows accounts/groups
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999

    # idmap config for domain MYDOMAIN
    idmap config MYDOMAIN:backend = rid
    idmap config MYDOMAIN:range = 10000-99999

    # For ACL support on domain member
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

Join the domain again.
Test again.

Greetz,
Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Julian Zielke via samba
> Sent: Wednesday, 7 September 2016 15:52
> To: samba at lists.samba.org
> Subject: Re: [Samba] Winbind / Samba auth problem after username change
>
> BTW I just tried the getent command again and it gets even weirder:
>
> # getent passwd ren_test4
> ren_test4:*:12521:10513:ren_test4:/home/NLI.LOCAL/ren_test4:/bin/bash
>
> then did another getent after a couple of seconds:
>
> # getent passwd ren_test4
> ren_test3:*:12521:10513:ren_test3:/home/NLI.LOCAL/ren_test3:/bin/bash
>
> This is...well..I have no damn clue XD
>
> > -----Original message-----
> > From: Julian Zielke
> > Sent: Wednesday, 7 September 2016 15:19
> > To: 'samba at lists.samba.org' <samba at lists.samba.org>
> > Subject: FW: [Samba] Winbind / Samba auth problem after username change
> >
> > I just did a cp -p *.ldb to a backup directory and restarted the services.
> > Of course I didn't delete it since I don't know whether this action would be
> > fatal.
> >
> > > > -----Original message-----
> > > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > > > Rowland Penny via samba
> > > > Sent: Wednesday, 7 September 2016 15:10
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] Winbind / Samba auth problem after username change
> > > >
> > > > On Wed, 7 Sep 2016 12:46:39 +0000
> > > > Julian Zielke <jzielke at next-level-integration.com> wrote:
> > > >
> > > > > Btw, before it looked like this:
> > > > >
> > > > > # ll
> > > > > total 7148
> > > > > drwxr-xr-x 2 root root 4096 Sep 7 14:36 ./
> > > > > drwxr-xr-x 7 root root 4096 Sep 7 14:38 ../
> > > > > -rw-r--r-- 1 root root 1286144 Sep 7 14:34 DC=NLI,DC=LOCAL.ldb
> > > > > -rw------- 1 root root 24576 Sep 7 13:11 netlogon_creds_cli.tdb
> > > > > -rw------- 1 root root 421888 Sep 7 13:09 passdb.tdb
> > > > > -rw------- 1 root root 696 Jan 19 2016 randseed.tdb
> > > > > -rw-r--r-- 1 root root 1286144 Sep 7 13:08 sam.ldb
> > > > > -rw-r--r-- 1 root root 1286144 Sep 7 14:29 sam.ldbobjectClass=*
> > > > > -rw------- 1 root root 1286144 Sep 7 10:50 secrets.ldb
> > > > > -rw------- 1 root root 430080 Sep 4 10:06 secrets.tdb
> > > > > -rw-r--r-- 1 root root 1286144 Sep 7 13:09 *-tdb
> > > > >
> > > > > From: Julian Zielke
> > > > > Sent: Wednesday, 7 September 2016 14:41
> > > > > To: 'Rowland Penny' <rpenny at samba.org>
> > > > > Cc: samba at lists.samba.org
> > > > > Subject: RE: [Samba] Winbind / Samba auth problem after username
> > > > > change
> > > > >
> > > > > Well, I always get 0 results, whether using cn, full username,
> > > > > wildcards, another existing and working user etc.
> > > > >
> > > > > # cat /etc/passwd | grep 'ren_test'
> > > > >
> > > > > returns nothing
> > > > >
> > > > > # wbinfo -u | grep 'ren_test'
> > > > >
> > > > > returns: ren_test4
> > > > >
> > > > > I also created a backup of all those ldb files and restarted the
> > > > > samba service. Now there's no new sam.ldb but a file looking similar
> > > > > to it.
> > > > >
> > > >
> > > > How are you backing up the ldb files?
> > > > Once you have backed up sam.ldb, are you deleting it?
> > > >
> > > > Rowland
> > > > --
>
> > > > To unsubscribe from this list go to the following URL and read the
>
> > > > instructions: https://lists.samba.org/mailman/options/samba
>
> Wichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und
> ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht
> der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten,
> so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung,
> Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist.
> Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in
> Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass die
> Kommunikation per E-Mail über das Internet unsicher ist, da für
> unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme und
> Manipulation besteht
>
> Important Note: The information contained in this e-mail is confidential.
> It is intended solely for the addressee. Access to this e-mail by anyone
> else is unauthorized. If you are not the intended recipient, any form of
> disclosure, reproduction, distribution or any action taken or refrained
> from in reliance on it, is prohibited and may be unlawful. Please notify
> the sender immediately. We also would like to inform you that
> communication via e-mail over the internet is insecure because third
> parties may have the possibility to access and manipulate e-mails.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list
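
Added example, not part of the original message or of Samba's own code: a check of the idmap settings in the smb.conf proposed above, confirming that the default and MYDOMAIN ranges do not overlap and showing how the rid backend derives a Unix ID from the account's RID rather than its name (ID = RID - BASE_RID + LOW_RANGE_ID, per the idmap_rid manual). The function names and the sample RIDs are constructed for illustration; base_rid is assumed to be at its default of 0.

```python
import configparser
import re

# idmap lines from the smb.conf in the message above (other settings omitted).
SMB_CONF = """
[global]
workgroup = MYDOMAIN
security = ads
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config MYDOMAIN:backend = rid
idmap config MYDOMAIN:range = 10000-99999
"""

def idmap_domains(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}} from [global]."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep the domain name's case
    cp.read_string(conf_text)
    domains = {}
    for key, value in cp["global"].items():
        m = re.fullmatch(r"idmap config\s+(.+?)\s*:\s*(backend|range)", key, re.I)
        if not m:
            continue
        entry = domains.setdefault(m.group(1), {})
        if m.group(2).lower() == "range":
            low, high = (int(n) for n in value.split("-"))
            entry["range"] = (low, high)
        else:
            entry["backend"] = value.strip()
    return domains

def overlapping(domains):
    """Domain pairs whose ranges intersect, i.e. two SIDs could get one Unix ID."""
    names = sorted(d for d in domains if "range" in domains[d])
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if domains[a]["range"][0] <= domains[b]["range"][1]
            and domains[b]["range"][0] <= domains[a]["range"][1]]

def rid_to_unix_id(rid, id_range, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID (None if out of range)."""
    low, high = id_range
    unix_id = rid - base_rid + low
    return unix_id if rid >= base_rid and unix_id <= high else None

if __name__ == "__main__":
    doms = idmap_domains(SMB_CONF)
    print("overlaps:", overlapping(doms))
    for rid in (513, 2521, 90000):  # constructed sample RIDs
        print(rid, "->", rid_to_unix_id(rid, doms["MYDOMAIN"]["range"]))
```

Because the mapping depends only on the RID, renaming an account leaves its Unix ID and file ownership unchanged; a RID that falls outside the configured range gets no mapping at all.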