samba - May 2018 - Got "I have no name!" error after deleting a samba user whose username is identical to the AD user

Hi,

I am running Samba 4.3.11-Ubuntu on a cluster of Ubuntu 16.04 and Samba is
configured as an AD Server.

I got "I have no name!" error after deleting a samba user whose
username is
identical to my Linux username (An AD user).

Here is how this happens:

The AD user is zhangyy (uid 12369).

1. We used `smbpasswd -a zhangyy` to created a new smb user.
2. We used `smbpasswd -x zhangyy` to delete the newly created smb user.

After doing this, I lost my username, and got the "I have no name!"
error.
and id command showed "no such user" error. But I can get my username
by
the micro $USER. It is weird.

After searching on Google for a while, I came to understand that idmapping
may be the problem.

Here are some useful outputs of wbinfo:

> I have no name!@bd21:~$ id
>
> uid=12369 gid=10513(domain users) groups=10513(domain
>> users),12369(zhangyy),14222(certsvc_dcom_access),1000002(BUILTIN\users)
>
> I have no name!@bd21:~$ wbinfo -n zhangyy
>
> S-1-5-21-2473489792-1370047036-1446391509-2369 SID_USER (1)
>
> I have no name!@bd21:~$ wbinfo --uid-to-sid=12369
>
> S-1-5-21-3437994910-1777336544-1996716333-1009
>
> I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
>> 3437994910-1777336544-1996716333-1009
>
> 12369
>
> I have no name!@bd21:~$ wbinfo --sid-to-name=S-1-5-21-
>> 3437994910-1777336544-1996716333-1009
>
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
>
> Could not lookup sid S-1-5-21-3437994910-1777336544-1996716333-1009
>
> I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
>> 2473489792-1370047036-1446391509-2369
>
> 12369
>
>
>
The sid of my user differed from that on the AD server. And the current sid
cannot be mapped to the name. (Is this the cause of losing my name)

 And I tried to fix the mapping by the following command but failed.

I have no name!@bd21:~$ wbinfo
--set-uid-mapping=12369,S-1-5-
>> 21-2473489792-1370047036-1446391509-2369
>
> failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
>
> Could not create or modify uid to sid mapping
>
>
I also tried to delete winbindd_idmap.tdb and restart the computer but this
did not fix the uid-sid mapping.

And I also found that deleting a smb user whose username is identical to an
AD user will change AD user's sid (maybe locally?). But I don't know if
this is the cause of the problem.

I have put the smb.conf at the end of this email. And I need your help to
fix the problem.

Thank you very much.


smb.conf

[global]
>
>         security = ads
>
>         realm = LAB.ACT.BUAA.EDU.CN <http://lab.act.buaa.edu.cn/>
>
> # If the system doesn't find the domain controller automatically, you
may
>> need the following line
>
>         password server = 192.168.0.3
>
> # note that workgroup is the 'short' domain name
>
>         workgroup = LAB
>
> #       winbind separator = +
>
>
>> idmap config * : backend        = tdb
>
> idmap config * : range          = 1000000-1999999
>
>
>> idmap config LAB : backend     = rid
>
> idmap config LAB : range       = 10000 - 49999
>
>
>> #        idmap uid = 10000-20000
>
> #        idmap gid = 10000-20000
>
>         winbind enum users = yes
>
>         winbind enum groups = yes
>
>         template homedir = /home/%D/%U
>
>         template shell = /bin/bash
>
>         client use spnego = yes
>
>         client ntlmv2 auth = yes
>
>         encrypt passwords = yes
>
>         winbind use default domain = yes
>
>         restrict anonymous = 2
>
>
Regards,

ZHANG Yangyang

On Thu, 24 May 2018 04:00:27 +0800
Yangyang Zhang via samba <samba at lists.samba.org> wrote:
>  Hi,
> 
> I am running Samba 4.3.11-Ubuntu on a cluster of Ubuntu 16.04 and
> Samba is configured as an AD Server.
No it isn't, it is configured as a Unix domain member ;-)
Also, please define 'cluster'
> 
> I got "I have no name!" error after deleting a samba user whose
> username is identical to my Linux username (An AD user).
> 
> Here is how this happens:
> 
> The AD user is zhangyy (uid 12369).
> 
> 1. We used `smbpasswd -a zhangyy` to created a new smb user.
Please give up doing this, you shouldn't be doing this, please use
'samba-tool user create zhangyy Pa$$w0rd*' if the AD DC is a Samba one,
if it is a windows DC, use RSAT.
> 2. We used `smbpasswd -x zhangyy` to delete the newly created smb
> user.
Again, use samba-tool or RSAT.
> 
> After doing this, I lost my username, and got the "I have no
name!"
> error. and id command showed "no such user" error. But I can get
my
> username by the micro $USER. It is weird.
> 
> After searching on Google for a while, I came to understand that
> idmapping may be the problem.
Possibly, but you have a bigger problem, you say you have a samba user
and a Linux user that is stored in AD. You should only have an AD user
that is also a Unix user, forget the Samba user, it is the old way of
doing things.
> 
> Here are some useful outputs of wbinfo:
> 
> 
> > I have no name!@bd21:~$ id
> >
> > uid=12369 gid=10513(domain users) groups=10513(domain
> >>
users),12369(zhangyy),14222(certsvc_dcom_access),1000002(BUILTIN\users)
Hmm, you also seem to have a group called 'zhangyy', this isn't
allowed
with AD.
> >
> > I have no name!@bd21:~$ wbinfo -n zhangyy
> >
> > S-1-5-21-2473489792-1370047036-1446391509-2369 SID_USER (1)
> >
> > I have no name!@bd21:~$ wbinfo --uid-to-sid=12369
> >
> > S-1-5-21-3437994910-1777336544-1996716333-1009
> >
> > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
> >> 3437994910-1777336544-1996716333-1009
> >
> > 12369
> >
> > I have no name!@bd21:~$ wbinfo --sid-to-name=S-1-5-21-
> >> 3437994910-1777336544-1996716333-1009
> >
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> >
> > Could not lookup sid S-1-5-21-3437994910-1777336544-1996716333-1009
> >
> > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
> >> 2473489792-1370047036-1446391509-2369
> >
> > 12369
> >
> >
> >
> The sid of my user differed from that on the AD server. And the
> current sid cannot be mapped to the name. (Is this the cause of
> losing my name)
> 
>  And I tried to fix the mapping by the following command but failed.
> 
> I have no name!@bd21:~$ wbinfo --set-uid-mapping=12369,S-1-5-
> >> 21-2473489792-1370047036-1446391509-2369
> >
> > failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
> >
> > Could not create or modify uid to sid mapping
> >
> >
> I also tried to delete winbindd_idmap.tdb and restart the computer
> but this did not fix the uid-sid mapping.
> 
> And I also found that deleting a smb user whose username is identical
> to an AD user will change AD user's sid (maybe locally?). But I
don't
> know if this is the cause of the problem.
No the problem is that you don't understand how AD works, you only
store a user in AD and then make that user a Unix user.
 
> 
> I have put the smb.conf at the end of this email. And I need your
> help to fix the problem.
> 
> Thank you very much.
> 
> 
> smb.conf
> 
> [global]
> >
> >         security = ads
> >
> >         realm = LAB.ACT.BUAA.EDU.CN
<http://lab.act.buaa.edu.cn/>
> >
> > # If the system doesn't find the domain controller automatically,
> > you may
> >> need the following line
You could paraphrase that commented line as 'If you need the following
line, you have BIG problems'
> >         password server = 192.168.0.3
Or in other words, you should remove the above line and let Samba find
the AD DC

Rowland

Hi,

Thanks for your quick response.

Now I come to a better understanding about Samba and how AD works.

I wonder is there any quick fix for the "I have no name!" problem.
Because
I cannot login Ubuntu via SSH.
Now I have to use another user and use `su zhangyy` to use my user.

One more question, is there a proper way to let the AD user shares its home
directory on Samba using the same password?

Thanks for your time and consideration.


2018-05-24 4:34 GMT+08:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Thu, 24 May 2018 04:00:27 +0800
> Yangyang Zhang via samba <samba at lists.samba.org> wrote:
>
> >  Hi,
> >
> > I am running Samba 4.3.11-Ubuntu on a cluster of Ubuntu 16.04 and
> > Samba is configured as an AD Server.
>
> No it isn't, it is configured as a Unix domain member ;-)
> Also, please define 'cluster'
>
It is a research cluster with 64 high-end machines running Ubuntu 16.04
each. The cluster is shared by many students. There is another windows AD
server and samba on Ubuntu is configured to use AD auth and creates users
for each student.

> >
> > I got "I have no name!" error after deleting a samba user
whose
> > username is identical to my Linux username (An AD user).
> >
> > Here is how this happens:
> >
> > The AD user is zhangyy (uid 12369).
> >
> > 1. We used `smbpasswd -a zhangyy` to created a new smb user.
>
> Please give up doing this, you shouldn't be doing this, please use
> 'samba-tool user create zhangyy Pa$$w0rd*' if the AD DC is a Samba
one,
> if it is a windows DC, use RSAT.
>
> > 2. We used `smbpasswd -x zhangyy` to delete the newly created smb
> > user.
>
> Again, use samba-tool or RSAT.
>
> >
> > After doing this, I lost my username, and got the "I have no
name!"
> > error. and id command showed "no such user" error. But I can
get my
> > username by the micro $USER. It is weird.
> >
> > After searching on Google for a while, I came to understand that
> > idmapping may be the problem.
>
> Possibly, but you have a bigger problem, you say you have a samba user
> and a Linux user that is stored in AD. You should only have an AD user
> that is also a Unix user, forget the Samba user, it is the old way of
> doing things.
>
> >
> > Here are some useful outputs of wbinfo:
> >
> >
> > > I have no name!@bd21:~$ id
> > >
> > > uid=12369 gid=10513(domain users) groups=10513(domain
> > >> users),12369(zhangyy),14222(certsvc_dcom_access),1000002(
> BUILTIN\users)
>
> Hmm, you also seem to have a group called 'zhangyy', this isn't
allowed
> with AD.
>
> > >
> > > I have no name!@bd21:~$ wbinfo -n zhangyy
> > >
> > > S-1-5-21-2473489792-1370047036-1446391509-2369 SID_USER (1)
> > >
> > > I have no name!@bd21:~$ wbinfo --uid-to-sid=12369
> > >
> > > S-1-5-21-3437994910-1777336544-1996716333-1009
> > >
> > > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
> > >> 3437994910-1777336544-1996716333-1009
> > >
> > > 12369
> > >
> > > I have no name!@bd21:~$ wbinfo --sid-to-name=S-1-5-21-
> > >> 3437994910-1777336544-1996716333-1009
> > >
> > > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > >
> > > Could not lookup sid
S-1-5-21-3437994910-1777336544-1996716333-1009
> > >
> > > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
> > >> 2473489792-1370047036-1446391509-2369
> > >
> > > 12369
> > >
> > >
> > >
> > The sid of my user differed from that on the AD server. And the
> > current sid cannot be mapped to the name. (Is this the cause of
> > losing my name)
> >
> >  And I tried to fix the mapping by the following command but failed.
> >
> > I have no name!@bd21:~$ wbinfo --set-uid-mapping=12369,S-1-5-
> > >> 21-2473489792-1370047036-1446391509-2369
> > >
> > > failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
> > >
> > > Could not create or modify uid to sid mapping
> > >
> > >
> > I also tried to delete winbindd_idmap.tdb and restart the computer
> > but this did not fix the uid-sid mapping.
> >
> > And I also found that deleting a smb user whose username is identical
> > to an AD user will change AD user's sid (maybe locally?). But I
don't
> > know if this is the cause of the problem.
>
> No the problem is that you don't understand how AD works, you only
> store a user in AD and then make that user a Unix user.
>
> >
> > I have put the smb.conf at the end of this email. And I need your
> > help to fix the problem.
> >
> > Thank you very much.
> >
> >
> > smb.conf
> >
> > [global]
> > >
> > >         security = ads
> > >
> > >         realm = LAB.ACT.BUAA.EDU.CN
<http://lab.act.buaa.edu.cn/>
> > >
> > > # If the system doesn't find the domain controller
automatically,
> > > you may
> > >> need the following line
>
> You could paraphrase that commented line as 'If you need the following
> line, you have BIG problems'
>
> > >         password server = 192.168.0.3
>
> Or in other words, you should remove the above line and let Samba find
> the AD DC
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>