[Samba] Surprising behavior with getent on AD service
Marc-Henri Pamiseux
marc-henri.pamiseux at libricks.org
Wed Jan 18 16:28:24 UTC 2023
Hello,
On the local network, we have installed two separate GNU/Linux servers.
One runs a 4.14.14-Debian version Samba-AD DC service while the other
runs a 4.14.14-Debian version Samba service for file sharing.
The second is a member of the AD domain.
On the second one, when I want to show all the accounts defined in AD
using the "getent passwd" command, the system returns the identifiers
and groups to me.
On the AD server, I had to rename a user's account but kept their SID
and Linux uid (10004 in my case).
I used the Windows RSAT tools for this.
Let's say I simply renamed the user1 account to user2.
On the domain member server, when I invoke the "getent passwd" command,
it is indeed the user2 account that is displayed with the identifier 10004.
On the other hand, on the AD domain controller, the same command "getent
passwd" returns me the user1 account with the identifier 10004. I invoke
the command "net cache flush" on both servers, but nothing changes.
Could you please give me a lead on how to restore consistency on theses
users accounts?
Best regards
--
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
More information about the samba
mailing list