Chris Hastie
2016-Feb-16 16:29 UTC
[Samba] Password changes and syncing passwords with Linux accounts
On 16/02/16 16:01, Rowland penny wrote:> Do you have the ldb-tools package installed on the DC ? if not can you > install it, then run this command: > > ldbsearch -H /var/lib/samba/private/sam.ldb > '(&(objectclass=user)(samaccountname=*))' | grep chris > > Can you post the results.Here you go, without any changes to generic names (ie I've kept my actual domain name of NUMBER37 instead of changing it to MYDOMAIN): dn: CN=NUMBER37chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk cn: NUMBER37chris name: NUMBER37chris sAMAccountName: NUMBER37\chris distinguishedName: CN=NUMBER37chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk dn: CN=chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk cn: chris name: chris sAMAccountName: chris unixHomeDirectory: /home/chris distinguishedName: CN=chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk
Rowland penny
2016-Feb-16 16:49 UTC
[Samba] Password changes and syncing passwords with Linux accounts
On 16/02/16 16:29, Chris Hastie wrote:> On 16/02/16 16:01, Rowland penny wrote: >> Do you have the ldb-tools package installed on the DC ? if not can >> you install it, then run this command: >> >> ldbsearch -H /var/lib/samba/private/sam.ldb >> '(&(objectclass=user)(samaccountname=*))' | grep chris >> >> Can you post the results. > > Here you go, without any changes to generic names (ie I've kept my > actual domain name of NUMBER37 instead of changing it to MYDOMAIN): > > dn: CN=NUMBER37chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk > cn: NUMBER37chris > name: NUMBER37chris > sAMAccountName: NUMBER37\chris > distinguishedName: > CN=NUMBER37chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk > dn: CN=chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk > cn: chris > name: chris > sAMAccountName: chris > unixHomeDirectory: /home/chris > distinguishedName: CN=chris,CN=Users,DC=ad,DC=oak-wood,DC=co,DC=uk >OK, so you do have two users, why I do not know, I would suggest you delete the user NUMBER37chris with: samba-tool user delete NUMBER37chris You need to run this on the DC If you run 'getent passwd chris' on a DC it normally will show the user as 'DOMAIN\username....', but on a domain member you can get just the username by adding 'winbind use default domain = yes' to smb.conf, this will also work on a 4.2.x DC. If you have any lines in smb.conf for creating users & groups, I would suggest you remove them. Rowland
Chris Hastie
2016-Feb-16 18:04 UTC
[Samba] Password changes and syncing passwords with Linux accounts
On 16/02/16 16:49, Rowland penny wrote:> OK, so you do have two users, why I do not know, I would suggest you > delete the user NUMBER37chris with: > > samba-tool user delete NUMBER37chrisFailed with ERROR(exception): Failed to remove user "NUMBER37chris" - Unable to find user "NUMBER37chris" but I managed with samba-tool user delete "NUMBER37\chris" However, as soon as I logged in via ssh the account was recreated> If you have any lines in smb.conf for creating users & groups, I would > suggest you remove them.I don't have any such lines. Could it be this in the PAM config that is causing the problem: auth optional pam_smbpass.so migrate Thanks Chris