[Samba] Winbind / Samba auth problem after username change

L.P.H. van Belle belle at bazuin.nl
Thu Sep 8 09:13:40 UTC 2016 

Thank you, very apreciated and very usefull. 
And good for my scripting learning skills. 

I forked it, so if i change something, i'll push you. 


Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: Julian Zielke [mailto:jzielke at next-level-integration.com]
> Verzonden: donderdag 8 september 2016 11:00
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: AW: [Samba] Winbind / Samba auth problem after username change
> 
> Here you go:
> 
> https://github.com/jzielke84/sssdmigrator
> 
> Feel free to commit changes if you find a bug.
> 
> The reason we switched to SSSD was a bug in Samba domain join which was
> fixed in the first sernet pay-repos (version 4.3).
> We bought a subscription later but had to get machines into the domain and
> SSSD came in handy.
> Also there was an article in a local linux magazine featuring that topic.
> And so far it's running perfectly fine.
> 
> Cheers,
> Julian
> 
> > -----Ursprüngliche Nachricht-----
> > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von L.P.H.
> > van Belle via samba
> > Gesendet: Donnerstag, 8. September 2016 09:49
> > An: samba at lists.samba.org
> > Betreff: Re: [Samba] Winbind / Samba auth problem after username change
> >
> > Hai, Julian,
> >
> >
> > Share-ing such a script would be apriciated ;-)  thats always handy to
> have.
> >
> > And special reason why you choose sssd over winbind?
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: Julian Zielke [mailto:jzielke at next-level-integration.com]
> > > Verzonden: donderdag 8 september 2016 9:43
> > > Aan: L.P.H. van Belle; Rowland Penny; mathias dufresne
> > > CC: samba at lists.samba.org
> > > Onderwerp: AW: [Samba] Winbind / Samba auth problem after username
> > change
> > >
> > > Good morning folks,
> > >
> > >
> > > well first of all thank you very much for the help from all of you
> guys.
> > > Really appreciate that.
> > > I discussed the case with my department and we all came to the
> conclusion
> > > that migrating the old machines to sssd would
> > > be less time consuming rather than analyzing what has corrupted the
> old
> > > database. Probably in the end a database rebuild would
> > > be necessary anyway so I wrote a small bash script which transforms
> the
> > > old authentication method to sssd. Already tested it and it works
> > > perfectly fine.
> > > Makes sense to migrate all machines to one authentication method
> > anyway.
> > >
> > > Cheers,
> > > Julian
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
> > L.P.H.
> > > > van Belle via samba
> > > > Gesendet: Mittwoch, 7. September 2016 17:09
> > > > An: samba at lists.samba.org
> > > > Betreff: Re: [Samba] Winbind / Samba auth problem after username
> > change
> > > >
> > > > No, i dont think is needed for all to rejoin.
> > > >
> > > > Now next server, do the same but now dont delete everything
> > > >
> > > > Again stop samba and winbind.
> > > >
> > > > Backup the 2 /var/lib/samba and /var/cache/samba folder.
> > > >
> > > > Now in /var/lib/samba delete winbind*.tdb
> > > > And *.tdb in /var/cache/samba
> > > >
> > > > USE THE SMB.CONF as before, modify it for the needed server.
> > > > Start samba and winbind again.
> > > >
> > > > Type wbinfo -u first and wbinfo -g
> > > > Just to be sure this works ok and it updates the tdb files again.
> > > >
> > > > If it works..
> > > > Stop samba +winbind again.
> > > >
> > > > Add in smb.conf
> > > > password server = ADDC_WITH_FSMO
> > > >
> > > > retry above with all ADDC. DC04, DC01, DC02, *
> > > > one has a problem i think
> > > >
> > > > but test with only one server a time.
> > > > ( and user FQDN for the pass servers. )
> > > >
> > > > That should help to identify where the problem is exact.
> > > >
> > > >
> > > > Greetz,
> > > >
> > > > Louis
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  https://lists.samba.org/mailman/options/samba
> > > Wichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und
> > > ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie
> nicht
> > > der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein
> > sollten,
> > > so beachten Sie bitte, dass jede Form der Kenntnisnahme,
> > Veröffentlichung,
> > > Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig
> ist.
> > > Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in
> > > Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass
> > die
> > > Kommunikation per E-Mail über das Internet unsicher ist, da für
> > > unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme
> und
> > > Manipulation besteht
> > >
> > > Important Note: The information contained in this e-mail is
> confidential.
> > > It is intended solely for the addressee. Access to this e-mail by
> anyone
> > > else is unauthorized. If you are not the intended recipient, any form
> of
> > > disclosure, reproduction, distribution or any action taken or
> refrained
> > > from in reliance on it, is prohibited and may be unlawful. Please
> notify
> > > the sender immediately. We also would like to inform you that
> > > communication via e-mail over the internet is insecure because third
> > > parties may have the possibility to access and manipulate e-mails.
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> Wichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und
> ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht
> der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten,
> so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung,
> Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist.
> Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in
> Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass die
> Kommunikation per E-Mail über das Internet unsicher ist, da für
> unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme und
> Manipulation besteht
> 
> Important Note: The information contained in this e-mail is confidential.
> It is intended solely for the addressee. Access to this e-mail by anyone
> else is unauthorized. If you are not the intended recipient, any form of
> disclosure, reproduction, distribution or any action taken or refrained
> from in reliance on it, is prohibited and may be unlawful. Please notify
> the sender immediately. We also would like to inform you that
> communication via e-mail over the internet is insecure because third
> parties may have the possibility to access and manipulate e-mails.

More information about the samba mailing list