[Samba] A computer in the Domain got stuck with and old username

Dr. Nicola Mingotti nmingotti at gmail.com
Tue Jan 30 11:29:45 UTC 2024


I reconfigured Samba from scratch, now the real user 'nicola.mingotti' 
is there and 'nicola' is gone.

I write what i tried in case it can be of help for others.

-] This was working correctly, before the upgrade so i tried to delete 
all cache/db stuff i could
foo at dc1> wbinfo -u

-] It was not enough to cancel all in /var/lib/samba ! That did not 
work. it is recommended in some pages as this old one:
https://linux.samba.narkive.com/WsixbGcz/samba-how-to-clear-winbind-cache

-] I deleted all "samba-config/storage/db" with this script (adapted 
from Samba doc page of some years ago):
----
foo at dc1> sudo ruby -e 'va=%x(smbd -b | egrep 
"LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR").split.grep(/^\//); vb=[]; 
va.each {|d| vb.concat(Dir.glob(d+"/*.tdb")); 
vb.concat(Dir.glob(d+"/*.tlb")) };  vb.each { |x| puts "delete: #{x} "; 
File.delete(x) }'
----

-] I deleted the /etc/krb5.keytab

-] When i went through the reinstall of packages 'libnss-winbind', the 
system instead of telling me "No, it is already there" , it downloaded a 
LOT of packages. So I suppose, for some mysterious reason, I was stuck 
with some old release of many packages. That may have been one of the 
sources of the problem.

HTH

bye
Nicola



On Mon-29-Jan-2024 22:39, Rowland Penny via samba wrote:
> On Mon, 29 Jan 2024 22:07:36 +0100
> "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:
>> Done, it says what I would expect, the Domain Controller name is DC1
>>
>> foo at dc1> sudo samba-tool user show nicola
>> ERROR: Failed to get password for user 'nicola': Unable to find user
>> "nicola"
>>
>> foo at dc1> sudo samba-tool user show nicola.mingotti
>> dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> instanceType: 4
>> whenCreated: 20201106233854.0Z
>> uSNCreated: 5253
>> objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> primaryGroupID: 513
>> objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103
>> accountExpires: 9223372036854775807
>> sAMAccountType: 805306368
>> lockoutTime: 0
>> objectCategory:
>> CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan
>> msDS-SupportedEncryptionTypes: 0
>> mail: nicola.mingotti at borghigroup.it
>> memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan
>> pwdLastSet: 133362324193280840
>> userPrincipalName: nicola.mingotti at windom.borghi.lan
>> displayName: Nicola Mingotti
>> givenName: Nicola
>> sn: Mingotti
>> sAMAccountName: nicola.mingotti
>> cn: nicola.mingotti
>> name: nicola.mingotti
>> lastLogonTimestamp: 133504325545005320
>> whenChanged: 20240122212914.0Z
>> uSNChanged: 164460
>> lastLogon: 133510311606091920
>> logonCount: 346
>> distinguishedName:
>> CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
> Everything looks like it should be, so why doesn't it work on one
> machine ?
> It looks like it is 'cached' somewhere, which, if it was a Samba cache,
> 'net cache flush' should clear. I wonder if nscd is also running, this
> can interfere with Samba, so if it is, stop it and ensure it doesn't
> start again.
>
> Rowland
>




More information about the samba mailing list