[Samba] A computer in the Domain got stuck with and old username
Dr. Nicola Mingotti
nmingotti at gmail.com
Tue Jan 30 11:29:45 UTC 2024
I reconfigured Samba from scratch, now the real user 'nicola.mingotti'
is there and 'nicola' is gone.
I write what i tried in case it can be of help for others.
-] This was working correctly, before the upgrade so i tried to delete
all cache/db stuff i could
foo at dc1> wbinfo -u
-] It was not enough to cancel all in /var/lib/samba ! That did not
work. it is recommended in some pages as this old one:
https://linux.samba.narkive.com/WsixbGcz/samba-how-to-clear-winbind-cache
-] I deleted all "samba-config/storage/db" with this script (adapted
from Samba doc page of some years ago):
----
foo at dc1> sudo ruby -e 'va=%x(smbd -b | egrep
"LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR").split.grep(/^\//); vb=[];
va.each {|d| vb.concat(Dir.glob(d+"/*.tdb"));
vb.concat(Dir.glob(d+"/*.tlb")) }; vb.each { |x| puts "delete: #{x} ";
File.delete(x) }'
----
-] I deleted the /etc/krb5.keytab
-] When i went through the reinstall of packages 'libnss-winbind', the
system instead of telling me "No, it is already there" , it downloaded a
LOT of packages. So I suppose, for some mysterious reason, I was stuck
with some old release of many packages. That may have been one of the
sources of the problem.
HTH
bye
Nicola
On Mon-29-Jan-2024 22:39, Rowland Penny via samba wrote:
> On Mon, 29 Jan 2024 22:07:36 +0100
> "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:
>> Done, it says what I would expect, the Domain Controller name is DC1
>>
>> foo at dc1> sudo samba-tool user show nicola
>> ERROR: Failed to get password for user 'nicola': Unable to find user
>> "nicola"
>>
>> foo at dc1> sudo samba-tool user show nicola.mingotti
>> dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> instanceType: 4
>> whenCreated: 20201106233854.0Z
>> uSNCreated: 5253
>> objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f
>> userAccountControl: 66048
>> codePage: 0
>> countryCode: 0
>> primaryGroupID: 513
>> objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103
>> accountExpires: 9223372036854775807
>> sAMAccountType: 805306368
>> lockoutTime: 0
>> objectCategory:
>> CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan
>> msDS-SupportedEncryptionTypes: 0
>> mail: nicola.mingotti at borghigroup.it
>> memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan
>> memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan
>> pwdLastSet: 133362324193280840
>> userPrincipalName: nicola.mingotti at windom.borghi.lan
>> displayName: Nicola Mingotti
>> givenName: Nicola
>> sn: Mingotti
>> sAMAccountName: nicola.mingotti
>> cn: nicola.mingotti
>> name: nicola.mingotti
>> lastLogonTimestamp: 133504325545005320
>> whenChanged: 20240122212914.0Z
>> uSNChanged: 164460
>> lastLogon: 133510311606091920
>> logonCount: 346
>> distinguishedName:
>> CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
> Everything looks like it should be, so why doesn't it work on one
> machine ?
> It looks like it is 'cached' somewhere, which, if it was a Samba cache,
> 'net cache flush' should clear. I wonder if nscd is also running, this
> can interfere with Samba, so if it is, stop it and ensure it doesn't
> start again.
>
> Rowland
>
More information about the samba
mailing list