Gaiseric Vandal
2014-Dec-16 15:45 UTC
[Samba] Strange problem with pdbedit -Lv : missing users ?
the testparm command will show you the location of the password file and
the backend type
e.g.
smb passwd file = /etc/samba/private/smbpasswd
passdb backend = tdbsam
The backend file should be a TDB database file , not a plain text file
(unless left over from an older version.)
You may have users or computers with duplicated SIDs. You should
also use "getent passwd" to verify that unix accounts exist for each
user and computer. Are you using winbind to automatically create unix
users for samba accounts?
you might also want to look at the log files to see what happens when a
"missing" user logs in.
On 12/16/14 10:19, Denis BUCHER wrote:>
>
> And I must admin that I really don't know where to search.
>
> Does someone knows where pdbedit is reading the information displayed ?
>
> Denis
>
> Le 15.12.2014 23:01, Denis BUCHER a ?crit :
>
>> Thank you very much for your answer.
>>
>> It's the default, internal backend. (smbpasswd)
>>
>> a) If I do :
>>
>> tdbdump schannel_store.tdb dump | grep BWPC |grep SECRET | wc
>>
>> I get 95 machines (this number looks good).
>>
>> b) smbpasswd is a text file that looks good.
>>
>> c) I can also do "tdbdump secrets.tdb dump"
>>
>> Thanks a lot in advance for any advice,
>>
>> Denis
>>
>> Le 15.12.2014 22:00, Gaiseric Vandal a ?crit :
>> What is the backend ? Can you use tdbdump to dump out the local account
info from samba password file? On 12/15/14 15:22, Denis BUCHER wrote: Dear all,
I have a very strange problem with "pdbedit -Lv" under Samba 3.3.10, a
lot of users and machines are missing ! Strangely, all these missing machines
and users are working perfectly well. The problem is that I need to get their
SID to be able to migrate to a new server... TECHNICAL DETAILS : * Samba 3.3.10
* Number of machines : * Unix : 128 machines * pdbedit -Lv | grep
"Unix" | grep "$" | wc : * 13 machines only * Number of
users : * Unix : 79 domain users * pdbedit -Lv | grep "Unix" | grep -v
"$" | wc : * 52 users only ! To be honest I don't absolutely need
pdbedit to work, if I can list the SID of all users by some other mean, it will
be OK. Any help would be greatly appreciated. Denis P. S. I saw somewhere that
it could be due to missing Unix users, but these users are not missing.
>
Denis BUCHER
2014-Dec-16 16:59 UTC
[Samba] Strange problem with pdbedit -Lv : missing users ?
Dear Gaiseric, Yes, according to testparm the backend is a plain text file : smb passwd file = /etc/samba/smbpasswd passdb backend = smbpasswd Therefore I wonder where the User SIDs are stored ?! About "getent passwd", yes all users (active users at least) have a Unix account. About the users that are missing in pdbedit, there is not error in smb.log when they log in. (But I haven't set loglevel to debug) To create user we are using Unix "useradd" and Samba "/usr/bin/smbpasswd" Denis Le 16.12.2014 16:45, Gaiseric Vandal a ?crit :> the testparm command will show you the location of the password file and > the backend type > > e.g. > > smb passwd file = /etc/samba/private/smbpasswd > passdb backend = tdbsam > > The backend file should be a TDB database file , not a plain text file > (unless left over from an older version.) > > You may have users or computers with duplicated SIDs. You should > also use "getent passwd" to verify that unix accounts exist for each > user and computer. Are you using winbind to automatically create unix > users for samba accounts? > > you might also want to look at the log files to see what happens when a > "missing" user logs in. > > On 12/16/14 10:19, Denis BUCHER wrote: > And I must admin that I really don't know where to search. Does someone knows where pdbedit is reading the information displayed ? Denis Le 15.12.2014 23:01, Denis BUCHER a ?crit : Thank you very much for your answer. It's the default, internal backend. (smbpasswd) a) If I do : tdbdump schannel_store.tdb dump | grep BWPC |grep SECRET | wc I get 95 machines (this number looks good). b) smbpasswd is a text file that looks good. c) I can also do "tdbdump secrets.tdb dump" Thanks a lot in advance for any advice, Denis Le 15.12.2014 22:00, Gaiseric Vandal a ?crit : What is the backend ? Can you use tdbdump to dump out the local account info from samba password file? On 12/15/14 15:22, Denis BUCHER wrote: Dear all, I have a very strange problem with "pdbedit -Lv" under Samba 3.3.10, a lot of users and machines are missing ! Strangely, all these missing machines and users are working perfectly well. The problem is that I need to get their SID to be able to migrate to a new server... TECHNICAL DETAILS : * Samba 3.3.10 * Number of machines : * Unix : 128 machines * pdbedit -Lv | grep "Unix" | grep "$" | wc : * 13 machines only * Number of users : * Unix : 79 domain users * pdbedit -Lv | grep "Unix" | grep -v "$" | wc : * 52 users only ! To be honest I don't absolutely need pdbedit to work, if I can list the SID of all users by some other mean, it will be OK. Any help would be greatly appreciated. Denis P. S. I saw somewhere that it could be due to missing Unix users, but these users are not missing.
Jeremy Allison
2014-Dec-16 17:04 UTC
[Samba] Strange problem with pdbedit -Lv : missing users ?
On Tue, Dec 16, 2014 at 05:59:33PM +0100, Denis BUCHER wrote:> > > Dear Gaiseric, > > Yes, according to testparm the backend is a plain text file : > > smb passwd file = /etc/samba/smbpasswd > passdb backend = smbpasswd > > Therefore I wonder where the User SIDs are stored ?!They are made up on the fly via algorithm from the UNIX user id. This is an *old* style set up. I recommend you move to a tdb password backend.