Rowland Penny
2017-Oct-31 17:37 UTC
[Samba] Password change question/1: smbpasswd does not propagate passwords?!
On Tue, 31 Oct 2017 17:59:40 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> > I reply to myself... > > > So, the question: how replica works?! I'm confused... > > To add ''strangeness'', i've done another password change, on DC1, and > verified that password change time does not propagate to DC2.Are you sure that it isn't propogating ? Have you checked the attribute 'pwdLastSet' in the users object in AD on all DCs ? ldbsearch -H /usr/local/samba/private/sam.ldb -b "DC=samdom,DC=example,DC=com" -s sub "(&(objectClass=user)(sAMAccountName=username))" pwdLastSet | grep '[p]wdLastSet' | awk '{print $NF}' Run the above command on all DCs, it should produce a number and the number should be the same on all DCs Replace: /usr/local/samba/private/sam.ldb with the path to your sam.ldb DC=samdom,DC=example,DC=com with your NC username with a users name from your AD domain You will also need ldb-tools installed.> After that i've done a ssh logon on DC2 (with that user, of course) > and i was able to use the new password, and password change time get > ''syncronized''. > > > After that, i'm now adding a bunch of users on DC2, and they not > appear on DC1.This is worrying, they should replicate to all DCs.> > > It is normal? How can i debug this, or force a sync?Definitely not normal, how are you creating users ? Have a look at 'samba-tool ldapcmp --help' to check the AD databases. Rowland
Marco Gaiarin
2017-Oct-31 18:19 UTC
[Samba] Password change question/1: smbpasswd does not propagate passwords?!
Mandi! Rowland Penny via samba In chel di` si favelave...> Have a look at 'samba-tool ldapcmp --help' to check the AD databases.Ok, i'm writing on the blackboard: Do you have opened the firewall in BOTH way, gaio? Do you have opened the firewall in BOTH way, gaio? Do you have opened the firewall in BOTH way, gaio? ... Sorry. And again thanks. ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Rowland Penny
2017-Oct-31 18:34 UTC
[Samba] Password change question/1: smbpasswd does not propagate passwords?!
On Tue, 31 Oct 2017 19:19:26 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > > Have a look at 'samba-tool ldapcmp --help' to check the AD > > databases. > > Ok, i'm writing on the blackboard: > > Do you have opened the firewall in BOTH way, gaio? > Do you have opened the firewall in BOTH way, gaio? > Do you have opened the firewall in BOTH way, gaio? > ... > > Sorry. And again thanks. ;-) >As I keep saying, you learn by your mistakes, only problem is, I keep making the same mistakes ;-) Rowland