[Samba] more cleanup: mis-named AD user

Stefan G. Weichinger lists at xunil.at
Tue Aug 6 14:11:41 UTC 2019

Am 06.08.19 um 16:02 schrieb Rowland penny via samba:

> Aha, that sounds like a guy who somehow knows the root/Administrators
> password and is using it, not that you will ever get him to admit it. I
> would change the root password and not tell him.

Hm, dunno. The shares are connected via GPOs etc

I changed the password for Administrator now.

So far no change and no call.

Maybe some shares in his registry, using the Administrator-user?

I killed that smbd-process now as well (no files were open right now)

smbusers map edited as well


What about that stuff in /var/lib/samba/private on the DM? I see files
from 2017:

root at pre01svdeb01:/var/lib/samba# ls -l private/
insgesamt 3388
drwx------ 2 root root   12288 Aug  6 16:09 msg.sock
-rw------- 1 root root   32768 Aug  6 08:09 netlogon_creds_cli.tdb
-rw------- 1 root root  421888 Jul  8  2017 passdb.tdb
-rw------- 1 root root 1286144 Jul 10  2017 sam.ldb
-rw------- 1 root root 1286144 Jul  8  2017 secrets.ldb
-rw------- 1 root root  430080 Apr 13  2018 secrets.tdb

Does the idmap play a role here?

thx, s

More information about the samba mailing list