Julian Zielke
2016-Sep-07 12:05 UTC
[Samba] Winbind / Samba auth problem after username change
AVAHI is not running on our machines.

We're using Samba from the official sernet repository. I did a find-command on all sam.ldb files and this is the only one which exists. Also when I delete them and restart the samba service, it's being created again, so I guess it's the correct file the daemon is working with.

I've used the ldbsearch with the full logon name, however even when doing the command Mathias suggested no results are shown at all.

- Julian

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> Rowland Penny via samba
> Sent: Wednesday, 7 September 2016 13:48
> To: samba at lists.samba.org
> Subject: Re: [Samba] Winbind / Samba auth problem after username change
>
> On Wed, 7 Sep 2016 11:20:54 +0000
> Julian Zielke <jzielke at next-level-integration.com> wrote:
>
> > See inline comments:
> >
> > - It really ends in local. So I guess I can leave this one.
>
> If AVAHI is running on any Unix machines, it can get in the way, so as
> I said, you would be advised to turn it off.
>
> > - I've corrected the double entry in nsswitch.conf
> >
> > The command returns:
> > # getent passwd | grep ren_test
> > ren_test4:*:12521:10513:ren_test4:/home/NLI.LOCAL/ren_test4:/bin/bash
> >
> > What I copied into the message before was our object directly from
> > the DC. I thought you said "ldapsearch", not ldbsearch ;-)
> >
> > Well here's the ldbsearch result (hopefully I did it the right way):
> > # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'dc=nli,dc=local' -s
> > sub '(&(samAccountType=805306368)(samaccountname=ren_test))' #
> > returned 0 records # 0 entries
> > # 0 referrals
> >
> > Even when I do it without any subcommand it returns 0 records:
> > ldbsearch -H /var/lib/samba/private/sam.ldb -b 'dc=nli,dc=local'
> > # returned 0 records
> > # 0 entries
> > # 0 referrals
> >
> > Dunno whether this now points to an error in my configuration or not.
> >
>
> Possibly not, '/var/lib/samba/private/sam.ldb' is the path to 'sam.ldb'
> if you compile Samba yourself. It may (and probably will be) in a
> different place if you are using OS packages
> i.e. /var/lib/samba/private/sam.ldb on debian
>
> You should also replace 'rowland' with the full user logon name.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Important Note: The information contained in this e-mail is confidential. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. We also would like to inform you that communication via e-mail over the internet is insecure because third parties may have the possibility to access and manipulate e-mails.
Rowland Penny
2016-Sep-07 12:14 UTC
[Samba] Winbind / Samba auth problem after username change
On Wed, 7 Sep 2016 12:05:05 +0000
Julian Zielke <jzielke at next-level-integration.com> wrote:

> AVAHI is not running on our machines.
>
> We're using Samba from the official sernet repository. I did a
> find-command on all sam.ldb files and this is the only one which
> exists. Also when I delete them and restart the samba service, it's
> being created again, so I guess it's the correct file the daemon is
> working with.
>
> I've used the ldbsearch with the full logon name, however even when
> doing the command Mathias suggested no results are shown at all.
>
> - Julian
>

Try changing 'samaccountname' to 'cn'
You could also try: cat /etc/passwd | grep 'ren_test'

If you have a user 'ren_test' that getent passwd shows, it has to be
coming from one or the other.

You could also try: wbinfo -u | grep 'ren_test'

Rowland
Julian Zielke
2016-Sep-07 12:42 UTC
[Samba] Winbind / Samba auth problem after username change
Well, I always get 0 results, whether using cn, full username, wildcards, another existing and working user etc.

# cat /etc/passwd | grep 'ren_test'
returns nothing

# wbinfo -u | grep 'ren_test'
returns: ren_test4

I also created a backup of all those ldb files and restarted the samba service. Now there's no new sam.ldb but a file looking similar to it. Here's the complete directory:

/var/lib/samba/private# ll
total 4644
drwxr-xr-x 4 root root    4096 Sep  7 14:38 ./
drwxr-xr-x 7 root root    4096 Sep  7 14:38 ../
drwx------ 2 root root    4096 Sep  7 14:39 msg.sock/
-rw------- 1 root root   24576 Sep  7 14:38 netlogon_creds_cli.tdb
-rw------- 1 root root  421888 Sep  7 13:09 passdb.tdb
-rw------- 1 root root     696 Jan 19  2016 randseed.tdb
-rw-r--r-- 1 root root 1286144 Sep  7 14:29 sam.ldbobjectClass=*
-rw------- 1 root root 1286144 Sep  7 14:38 secrets.ldb
-rw------- 1 root root  430080 Sep  4 10:06 secrets.tdb
drwxr-xr-x 2 root root    4096 Jan 19  2016 smbd.tmp/
-rw-r--r-- 1 root root 1286144 Sep  7 13:09 *-tdb

Doing a ldbsearch on this file also returns 0 records. Even with the -a argument and no filter.

- Julian

> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
> Rowland Penny via samba
> Sent: Wednesday, 7 September 2016 14:15
> To: samba at lists.samba.org
> Subject: Re: [Samba] Winbind / Samba auth problem after username change
>
> On Wed, 7 Sep 2016 12:05:05 +0000
> Julian Zielke <jzielke at next-level-integration.com> wrote:
>
> > AVAHI is not running on our machines.
> >
> > We're using Samba from the official sernet repository. I did a
> > find-command on all sam.ldb files and this is the only one which
> > exists. Also when I delete them and restart the samba service, it's
> > being created again, so I guess it's the correct file the daemon is
> > working with.
> >
> > I've used the ldbsearch with the full logon name, however even when
> > doing the command Mathias suggested no results are shown at all.
> >
> > - Julian
> >
>
> Try changing 'samaccountname' to 'cn'
> You could also try: cat /etc/passwd | grep 'ren_test'
>
> If you have a user 'ren_test' that getent passwd shows, it has to be
> coming from one or the other.
>
> You could also try: wbinfo -u | grep 'ren_test'
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
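
An added example, not part of the thread: the `grep 'ren_test'` checks above match substrings, which is why a search for `ren_test` reports `ren_test4`. The script below matches the account name exactly against passwd-format text and a `wbinfo -u` style list and reports which source supplies it; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Stand-in for the contents of /etc/passwd.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin'

# Stand-in for the output of `wbinfo -u`.
SAMPLE_WBINFO='administrator
ren_test4
guest'

# exact_passwd_match NAME PASSWD_TEXT
# Succeeds only when field 1 of a passwd-format line equals NAME exactly.
exact_passwd_match() {
    printf '%s\n' "$2" |
        awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# exact_list_match NAME LIST_TEXT
# Whole-line fixed-string match. A DOMAIN\ prefix is stripped first
# (assumes the default winbind separator, a backslash).
exact_list_match() {
    printf '%s\n' "$2" | sed 's/^.*\\//' | grep -Fxq -- "$1"
}

# account_source NAME PASSWD_TEXT WBINFO_TEXT
# Prints one of: local, winbind, both, none.
account_source() {
    src=none
    if exact_passwd_match "$1" "$2"; then src=local; fi
    if exact_list_match "$1" "$3"; then
        if [ "$src" = local ]; then src=both; else src=winbind; fi
    fi
    printf '%s\n' "$src"
}

# Substring grep would report a hit for ren_test; exact matching does not.
account_source ren_test  "$SAMPLE_PASSWD" "$SAMPLE_WBINFO"
account_source ren_test4 "$SAMPLE_PASSWD" "$SAMPLE_WBINFO"

# On a live system the same check would be:
#   account_source "$user" "$(cat /etc/passwd)" "$(wbinfo -u)"
```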