Chris Hastie
2016-Feb-16 18:04 UTC
[Samba] Password changes and syncing passwords with Linux accounts
On 16/02/16 16:49, Rowland penny wrote:> OK, so you do have two users, why I do not know, I would suggest you > delete the user NUMBER37chris with: > > samba-tool user delete NUMBER37chrisFailed with ERROR(exception): Failed to remove user "NUMBER37chris" - Unable to find user "NUMBER37chris" but I managed with samba-tool user delete "NUMBER37\chris" However, as soon as I logged in via ssh the account was recreated> If you have any lines in smb.conf for creating users & groups, I would > suggest you remove them.I don't have any such lines. Could it be this in the PAM config that is causing the problem: auth optional pam_smbpass.so migrate Thanks Chris
Rowland penny
2016-Feb-16 18:13 UTC
[Samba] Password changes and syncing passwords with Linux accounts
On 16/02/16 18:04, Chris Hastie wrote:> On 16/02/16 16:49, Rowland penny wrote: >> OK, so you do have two users, why I do not know, I would suggest you >> delete the user NUMBER37chris with: >> >> samba-tool user delete NUMBER37chris > > Failed with > > ERROR(exception): Failed to remove user "NUMBER37chris" - Unable to > find user "NUMBER37chris" > > but I managed with > > samba-tool user delete "NUMBER37\chris" > > > However, as soon as I logged in via ssh the account was recreated > >> If you have any lines in smb.conf for creating users & groups, I would >> suggest you remove them. > > I don't have any such lines. Could it be this in the PAM config that > is causing the problem: > > auth optional pam_smbpass.so migrate > > Thanks > > Chris > > >Could well be, I do not seem to have this line in pam, which file is it in ? Also, what does 'pam-auth-update' show ? Rowland
Chris Hastie
2016-Feb-16 19:55 UTC
[Samba] Password changes and syncing passwords with Linux accounts
On 16/02/16 18:13, Rowland penny wrote:>> >I don't have any such lines. Could it be this in the PAM config that >> >is causing the problem: >> > >> >auth optional pam_smbpass.so migrate >> > > Could well be, I do not seem to have this line in pam, which file is it in ? > Also, what does 'pam-auth-update' show ?It's in /etc/pam.d/common-auth. pam-auth-update shows: [*] Unix authentication [*] Winbind NT/Active Directory authentication [*] Register user sessions in the systemd control group hierarchy [*] SMB password synchronization [*] Inheritable Capabilities Management Unchecking 'SMB password synchronization' removes the line from common-auth and seems to have solved the problem. So progress—I just need to sort out my groups now. A related question. I see there is user 'root' known to winbind, and also in /etc/passwd. Does Samba have any need for this user (given the existance of 'Administrator')? I'm inclined to delete it from Samba and keep it in /etc/passwd. Would this be a sensible plan? Many thanks for your help today Chris