[Samba] Winbind / Samba auth problem after username change

L.P.H. van Belle belle at bazuin.nl
Wed Sep 7 14:02:42 UTC 2016 

I would suggest. 

Stop samba and winbind 

Backup 
/etc/krb5.keytab 
/var/lib/samba 
/var/cache/samba 

Remove everything in : 
/var/lib/samba
/var/cache/samba
And remove : 
/etc/krb5.keytab 


Put in this config ( from Rowlands suggestion. ) 
Can you try this smb.conf:

[global]
	workgroup = MYDOMAIN
	realm = MYDOMAIN.local
	netbios name = vmu09tcse01
	dedicated keytab file = /etc/krb5.keytab
	kerberos method = secrets and keytab
	server string = Samba AD Client Version %v
	security = ads
	winbind enum users = yes
	winbind enum groups = yes
	winbind use default domain = yes
	winbind refresh tickets = Yes
	template shell = /bin/bash
	domain master = no
	local master = no
	preferred master = no

	# Default idmap config used for BUILTIN and local windows accounts/groups
	idmap config *:backend = tdb
	idmap config *:range = 2000-9999

	# idmap config for domain MYDOMAIN
	idmap config MYDOMAIN:backend = rid
	idmap config MYDOMAIN:range = 10000-99999

	# For ACL support on domain member
	vfs objects = acl_xattr
	map acl inherit = Yes
	store dos attributes = Yes



Join the domain again. 

Test again. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Julian Zielke via
> samba
> Verzonden: woensdag 7 september 2016 15:52
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Winbind / Samba auth problem after username change
> 
> BTW I just tried the getent command again and it gets even weirder:
> 
> 
> 
> # getent passwd ren_test4
> 
> ren_test4:*:12521:10513:ren_test4:/home/NLI.LOCAL/ren_test4:/bin/bash
> 
> 
> 
> then did another getent after a couple of seconds:
> 
> 
> 
> # getent passwd ren_test4
> 
> ren_test3:*:12521:10513:ren_test3:/home/NLI.LOCAL/ren_test3:/bin/bash
> 
> 
> 
> This is...well..I have no damn clue XD
> 
> 
> 
> > -----Ursprüngliche Nachricht-----
> 
> > Von: Julian Zielke
> 
> > Gesendet: Mittwoch, 7. September 2016 15:19
> 
> > An: 'samba at lists.samba.org' <samba at lists.samba.org>
> 
> > Betreff: WG: [Samba] Winbind / Samba auth problem after username change
> 
> >
> 
> > I just did a cp -p *.ldb to a backup directory and restarted the
> services.
> 
> > Of course I didn't delete it since I don't know whether this action
> would be
> 
> > fatal.
> 
> >
> 
> >
> 
> > > > -----Ursprüngliche Nachricht-----
> 
> > > > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
> 
> > > > Rowland Penny via samba
> 
> > > > Gesendet: Mittwoch, 7. September 2016 15:10
> 
> > > > An: samba at lists.samba.org<mailto:samba at lists.samba.org>
> 
> > > > Betreff: Re: [Samba] Winbind / Samba auth problem after username
> 
> > > change
> 
> > > >
> 
> > > > On Wed, 7 Sep 2016 12:46:39 +0000
> 
> > > > Julian Zielke <jzielke at next-level-
> integration.com<mailto:jzielke at next-level-integration.com>> wrote:
> 
> > > >
> 
> > > > > Btw, before it looked like this:
> 
> > > > >
> 
> > > > > # ll
> 
> > > > > total 7148
> 
> > > > > drwxr-xr-x 2 root root    4096 Sep  7 14:36 ./
> 
> > > > > drwxr-xr-x 7 root root    4096 Sep  7 14:38 ../
> 
> > > > > -rw-r--r-- 1 root root 1286144 Sep  7 14:34 DC=NLI,DC=LOCAL.ldb
> 
> > > > > -rw------- 1 root root   24576 Sep  7 13:11 netlogon_creds_cli.tdb
> 
> > > > > -rw------- 1 root root  421888 Sep  7 13:09 passdb.tdb
> 
> > > > > -rw------- 1 root root     696 Jan 19  2016 randseed.tdb
> 
> > > > > -rw-r--r-- 1 root root 1286144 Sep  7 13:08 sam.ldb
> 
> > > > > -rw-r--r-- 1 root root 1286144 Sep  7 14:29 sam.ldbobjectClass=*
> 
> > > > > -rw------- 1 root root 1286144 Sep  7 10:50 secrets.ldb
> 
> > > > > -rw------- 1 root root  430080 Sep  4 10:06 secrets.tdb
> 
> > > > > -rw-r--r-- 1 root root 1286144 Sep  7 13:09 *-tdb
> 
> > > > >
> 
> > > > >
> 
> > > > >
> 
> > > > > Von: Julian Zielke
> 
> > > > > Gesendet: Mittwoch, 7. September 2016 14:41
> 
> > > > > An: 'Rowland Penny' <rpenny at samba.org<mailto:rpenny at samba.org>>
> 
> > > > > Cc: samba at lists.samba.org<mailto:samba at lists.samba.org>
> 
> > > > > Betreff: AW: [Samba] Winbind / Samba auth problem after username
> 
> > > > > change
> 
> > > > >
> 
> > > > >
> 
> > > > > Well, I always get 0 results, whether using cn, full username,
> 
> > > > > wildcards, another existing and working user etc.
> 
> > > > >
> 
> > > > >
> 
> > > > >
> 
> > > > > # cat /etc/passwd | grep 'ren_test'
> 
> > > > >
> 
> > > > > returns nothing
> 
> > > > >
> 
> > > > >
> 
> > > > >
> 
> > > > > # wbinfo -u | grep 'ren_test'
> 
> > > > >
> 
> > > > > returns: ren_test4
> 
> > > > >
> 
> > > > >
> 
> > > > >
> 
> > > > > I also created a backup of all those ldb files and restarted the
> 
> > > > > samba service. Now there's no new sam.ldb but a file looking
> similar
> 
> > > > > to it.
> 
> > > > >
> 
> > > >
> 
> > > > How are you backing up the ldb files ?
> 
> > > > Once you have you backed up sam.ldb, are you deleting it ?
> 
> > > >
> 
> > > > Rowland
> 
> > > >
> 
> > > > --
> 
> > > > To unsubscribe from this list go to the following URL and read the
> 
> > > > instructions:  https://lists.samba.org/mailman/options/samba
> 
> Wichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und
> ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht
> der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten,
> so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung,
> Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist.
> Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in
> Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass die
> Kommunikation per E-Mail über das Internet unsicher ist, da für
> unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme und
> Manipulation besteht
> 
> Important Note: The information contained in this e-mail is confidential.
> It is intended solely for the addressee. Access to this e-mail by anyone
> else is unauthorized. If you are not the intended recipient, any form of
> disclosure, reproduction, distribution or any action taken or refrained
> from in reliance on it, is prohibited and may be unlawful. Please notify
> the sender immediately. We also would like to inform you that
> communication via e-mail over the internet is insecure because third
> parties may have the possibility to access and manipulate e-mails.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list