Rowland Penny
2016-Sep-06 15:53 UTC
[Samba] Winbind / Samba auth problem after username change
On Tue, 6 Sep 2016 15:38:57 +0000 Julian Zielke <jzielke at next-level-integration.com> wrote:> No, getent NEWusername produces a result SHOWING the old username - > not the other way around. The machine is a domain member. We did a > join using net join ads.Where is it displaying the old username ?> > The passwords file has only the standard local users in there.Well that rules that out.> > ================================================================> cat /etc/nsswitch.conf > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages > installed, try: # `info libc "Name Service Switch"' for information > about this file. > > passwd: compat winbind > group: compat winbind > shadow: compat > > hosts: files dns mdns4 > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > group: compat winbind > ================================================================>Why have you got two 'group' lines ? otherwise nothing wrong there. Is there any chance you can post a sanitized version of the users object in AD ? Rowland
Julian Zielke
2016-Sep-06 16:11 UTC
[Samba] Winbind / Samba auth problem after username change
Here: # getent passwd <domain>+<NEWusername> <domain>+<OLDusername>:*:16778566:16777729::/home/NLI/<OLDusername>:/bin/bash> -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > Rowland Penny via samba > Gesendet: Dienstag, 6. September 2016 17:53 > An: samba at lists.samba.org > Betreff: Re: [Samba] Winbind / Samba auth problem after username change > > On Tue, 6 Sep 2016 15:38:57 +0000 > Julian Zielke <jzielke at next-level-integration.com> wrote: > > > No, getent NEWusername produces a result SHOWING the old username - > > not the other way around. The machine is a domain member. We did a > > join using net join ads. > > Where is it displaying the old username ? > > > > > The passwords file has only the standard local users in there. > > Well that rules that out. > > > > > > =========================================================> ======> > cat /etc/nsswitch.conf > > # /etc/nsswitch.conf > > # > > # Example configuration of GNU Name Service Switch functionality. > > # If you have the `glibc-doc-reference' and `info' packages > > installed, try: # `info libc "Name Service Switch"' for information > > about this file. > > > > passwd: compat winbind > > group: compat winbind > > shadow: compat > > > > hosts: files dns mdns4 > > networks: files > > > > protocols: db files > > services: db files > > ethers: db files > > rpc: db files > > > > group: compat winbind > > > =========================================================> ======> > > > Why have you got two 'group' lines ? otherwise nothing wrong there. > > Is there any chance you can post a sanitized version of the users > object in AD ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaWichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass die Kommunikation per E-Mail über das Internet unsicher ist, da für unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme und Manipulation besteht Important Note: The information contained in this e-mail is confidential. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. We also would like to inform you that communication via e-mail over the internet is insecure because third parties may have the possibility to access and manipulate e-mails.
Julian Zielke
2016-Sep-06 16:13 UTC
[Samba] Winbind / Samba auth problem after username change
BTW I noticed that most configs use the wildcard parameter. So the smb.conf now uses: idmap config * : backend = rid idmap config * : range = 16777216-33554431 But still no change... I really wonder where this old username is coming from...> -----Ursprüngliche Nachricht----- > Von: Julian Zielke > Gesendet: Dienstag, 6. September 2016 18:10 > An: 'Rowland Penny' <rpenny at samba.org> > Cc: 'samba at lists.samba.org' <samba at lists.samba.org> > Betreff: AW: [Samba] Winbind / Samba auth problem after username change > > Here: > > # getent passwd <domain>+<NEWusername> > <domain>+<OLDusername>:*:16778566:16777729::/home/NLI/<OLDuserna > me>:/bin/bash > > > > -----Ursprüngliche Nachricht----- > > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von > > Rowland Penny via samba > > Gesendet: Dienstag, 6. September 2016 17:53 > > An: samba at lists.samba.org > > Betreff: Re: [Samba] Winbind / Samba auth problem after username > change > > > > On Tue, 6 Sep 2016 15:38:57 +0000 > > Julian Zielke <jzielke at next-level-integration.com> wrote: > > > > > No, getent NEWusername produces a result SHOWING the old username > - > > > not the other way around. The machine is a domain member. We did a > > > join using net join ads. > > > > Where is it displaying the old username ? > > > > > > > > The passwords file has only the standard local users in there. > > > > Well that rules that out. > > > > > > > > > > > =========================================================> > ======> > > cat /etc/nsswitch.conf > > > # /etc/nsswitch.conf > > > # > > > # Example configuration of GNU Name Service Switch functionality. > > > # If you have the `glibc-doc-reference' and `info' packages > > > installed, try: # `info libc "Name Service Switch"' for information > > > about this file. > > > > > > passwd: compat winbind > > > group: compat winbind > > > shadow: compat > > > > > > hosts: files dns mdns4 > > > networks: files > > > > > > protocols: db files > > > services: db files > > > ethers: db files > > > rpc: db files > > > > > > group: compat winbind > > > > > > =========================================================> > ======> > > > > > > Why have you got two 'group' lines ? otherwise nothing wrong there. > > > > Is there any chance you can post a sanitized version of the users > > object in AD ? > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/sambaWichtiger Hinweis: Der Inhalt dieser E-Mail ist vertraulich und ausschließlich für den bezeichneten Adressaten bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung oder Weitergabe des Inhalts dieser E-Mail unzulässig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Wir möchten Sie außerdem darauf hinweisen, dass die Kommunikation per E-Mail über das Internet unsicher ist, da für unberechtigte Dritte grundsätzlich die Möglichkeit der Kenntnisnahme und Manipulation besteht Important Note: The information contained in this e-mail is confidential. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. We also would like to inform you that communication via e-mail over the internet is insecure because third parties may have the possibility to access and manipulate e-mails.