[Samba] A computer in the Domain got stuck with and old username

Dr. Nicola Mingotti nmingotti at gmail.com
Mon Jan 29 21:07:36 UTC 2024 


On Mon-29-Jan-2024 21:22, Rowland Penny via samba wrote:
> On Mon, 29 Jan 2024 21:11:55 +0100
> "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:
>
>> On Mon-29-Jan-2024 19:51, Rowland Penny via samba wrote:
>>> On Mon, 29 Jan 2024 19:18:36 +0100
>>> "Dr. Nicola Mingotti via samba" <samba at lists.samba.org> wrote:
>>>
>>>> Hi all,
>>>>
>>>> ==== SETUP ====
>>>> I have a samba AC/DC in Debian stable. Several Windows client and a
>>>> few Linux/Debian-stable client in the domain, one of those client
>>>> is called CORE1 and it is giving problems.
>>>>
>>>> ==== THE FACT ====
>>>> 2 weeks ago i changed all the Domain user names to a standardized
>>>> "name.lastname"
>>>>
>>>> ==== PROBLEM ====
>>>> One computer, CORE1, which runs Jupyter, got stuck with an old
>>>> username. To be more precise, my old username was 'WINDOM\nicola',
>>>> my new username is 'WINDOM\nicola.mingotti'.
>>>> CORE1 does not see the new user and still things 'WINDOM\nicola' is
>>>> available.
>>>>
>>>> ==== WAHT I SEE ====
>>>> . From 2 computers in the Domain, CORE1 and NAS, NAS is right,
>>>> CORE1 is wrong
>>>> foo at core1> getent passwd | grep nic
>>>> WINDOM\nicola:*:11103:10513::/home/WINDOM-nicola:/bin/bash
>>>>
>>>> foo at nas> getent passwd | grep nic
>>>> WINDOM\nicola.mingotti:*:11103:10513:Nicola
>>>> Mingotti:/home/WINDOM-nicola.mingotti:/bin/bash
>>>>
>>>> === WHAT I TRIED ====
>>>> 1] I tried to get out from the domain and in again => not working
>>>> foo at core1> sudo net ads leave -U XXX
>>>> foo at core1> suod net ads join -U XXX
>>>>
>>>> 2] I tried to inspect with opensnoop what getent is looking at
>>>> $> sudo opensnoop-bpfcc
>>>> I saw some systemd got involved so i changed nsswitch.conf like
>>>> this and reboot
>>>> ---- /etc/nsswitch.conf ------
>>>> passwd:         files winbind    # before has also systemd
>>>> group:          files winbind    # before had also systemd
>>>> shadow:         files
>>>> -------------------------------
>>>>
>>>> After every major change I rebooted.
>>>>
>>>> Do you have any ideas ? I am stuck
>>>>
>>>> bye
>>>> Nicola
>>> Have you tried running 'net cache flush' (as root) on core1 ?
>>>
>>> Rowland
>>>
>>>
>>>
>> Hi Rowland,
>> thank you for the suggestion, i tried, also rebooted, it does not
>> make it. user 'WINDOM\nicola' is still happily there.
>>
> Have you checked that the rename has actually worked, easiest way is by
> using samba-tool on the DC:
>
> sudo samba-tool user show nicola
>
> Or:
>
> sudo samba-tool user show nicola.mingotti
>
> One of those should display the users AD objects.
>
> Rowland
>
> PS, Please do not 'CC' me, just reply to the list.
>
>
>

Done, it says what I would expect, the Domain Controller name is DC1

foo at dc1> sudo samba-tool user show nicola
ERROR: Failed to get password for user 'nicola': Unable to find user 
"nicola"

foo at dc1> sudo samba-tool user show nicola.mingotti
dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
instanceType: 4
whenCreated: 20201106233854.0Z
uSNCreated: 5253
objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f
userAccountControl: 66048
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103
accountExpires: 9223372036854775807
sAMAccountType: 805306368
lockoutTime: 0
objectCategory: 
CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan
msDS-SupportedEncryptionTypes: 0
mail: nicola.mingotti at borghigroup.it
memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan
pwdLastSet: 133362324193280840
userPrincipalName: nicola.mingotti at windom.borghi.lan
displayName: Nicola Mingotti
givenName: Nicola
sn: Mingotti
sAMAccountName: nicola.mingotti
cn: nicola.mingotti
name: nicola.mingotti
lastLogonTimestamp: 133504325545005320
whenChanged: 20240122212914.0Z
uSNChanged: 164460
lastLogon: 133510311606091920
logonCount: 346
distinguishedName: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan


Nicola

More information about the samba mailing list