[Samba] Password change question/1: smbpasswd does not propagate passwords?!
Rowland Penny
rpenny at samba.org
Tue Oct 31 17:37:13 UTC 2017
On Tue, 31 Oct 2017 17:59:40 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> I reply to myself...
>
> > So, the question: how does replica work?! I'm confused...
>
> To add ''strangeness'', I've done another password change, on DC1, and
> verified that password change time does not propagate to DC2.
Are you sure that it isn't propagating?
Have you checked the attribute 'pwdLastSet' in the user's object in AD
on all DCs?
    ldbsearch -H /usr/local/samba/private/sam.ldb \
        -b "DC=samdom,DC=example,DC=com" -s sub \
        "(&(objectClass=user)(sAMAccountName=username))" pwdLastSet \
        | grep '[p]wdLastSet' | awk '{print $NF}'
Run the above command on all DCs. It should produce a number and the
number should be the same on all DCs.
Replace:
/usr/local/samba/private/sam.ldb with the path to your sam.ldb
DC=samdom,DC=example,DC=com with your NC
username with a user's name from your AD domain
You will also need ldb-tools installed.
> After that I've done an ssh logon on DC2 (with that user, of course)
> and I was able to use the new password, and password change time gets
> ''synchronized''.
>
>
> After that, I'm now adding a bunch of users on DC2, and they do not
> appear on DC1.
This is worrying, they should replicate to all DCs.
>
>
> Is it normal? How can I debug this, or force a sync?
Definitely not normal. How are you creating users?
Have a look at 'samba-tool ldapcmp --help' to check the AD databases.
Rowland
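
The comparison suggested in the message above, as an added example that is not part of the original post: it extracts pwdLastSet from ldbsearch output gathered on each DC, converts the AD timestamp (100 ns ticks since 1601-01-01 UTC) to Unix seconds, and flags a mismatch. The DC names dc1/dc2, the function names and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Extract the pwdLastSet value from ldbsearch LDIF output on stdin.
pwdlastset_from_ldif() {
    awk '$1 == "pwdLastSet:" { print $2 }'
}

# Convert an AD timestamp (100 ns ticks since 1601-01-01 UTC) to Unix seconds.
filetime_to_epoch() {
    echo $(( $1 / 10000000 - 11644473600 ))
}

# Read "dcname value" lines on stdin, print each with its Unix time,
# and return 1 if any DC is missing the value or the values differ.
compare_pwdlastset() {
    first="" rc=0
    while read -r dc value; do
        [ -n "$value" ] || { echo "$dc: no pwdLastSet returned"; rc=1; continue; }
        echo "$dc pwdLastSet=$value unix=$(filetime_to_epoch "$value")"
        [ -n "$first" ] || first=$value
        # String comparison, so large integers are never rounded.
        [ "$value" = "$first" ] || rc=1
    done
    return $rc
}

# Constructed ldbsearch output as it might be collected from two DCs.
dc1_ldif='dn: CN=username,CN=Users,DC=samdom,DC=example,DC=com
pwdLastSet: 131539428000000000'
dc2_ldif='dn: CN=username,CN=Users,DC=samdom,DC=example,DC=com
pwdLastSet: 131530000000000000'

{
    echo "dc1 $(printf '%s\n' "$dc1_ldif" | pwdlastset_from_ldif)"
    echo "dc2 $(printf '%s\n' "$dc2_ldif" | pwdlastset_from_ldif)"
} | compare_pwdlastset || echo "pwdLastSet differs between DCs"
```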