On 18/07/2019 20:20, Łukasz Michalski via samba wrote:
> On 2019-07-18 at 18:46, Rowland penny via samba wrote:
>> On 18/07/2019 17:36, Kris Lou via samba wrote:
>>> Might have something to do with this bug:
>>> https://bugzilla.samba.org/show_bug.cgi?id=11482
>>>
>>> You can find and make the relevant changes with ADSI Edit.
>>>
>>>
>> The problem is that renaming a user on Linux works the opposite way
>> to Windows and neither renames everything.
>>
>> If you rename on Linux with ldbrename, it renames dn, cn, name and
>> distinguishedname, it doesn't rename any other attributes,
>>
>> Windows renames everything except dn, cn, name and distinguishedname
>>
> On my second linux member (backup) getent passwd returns new name:
>
> [root at backup ~]# getent passwd
> SAMDOM\hlg:*:10001:10000::/home/bar:/bin/sh
>
> There are two differences:
>
>  - no description in passwd line
>  - this member does not have "winbind use default domain = yes" in
> config file.
>
> The rest is the same: OS, samba version.
>
> I changed uid, sAMAccountName, msFU30Name from 'foo' to 'bar' using
> ADUC attribute editor. Now I have 'bar' instead of 'foo' in LDAP
> attributes. I double checked that attributes changed with ldbsearch on
> Samba AD.
>
> But getent passwd still shows 'foo' on first machine.
>
> Regards,
> Łukasz
>
>

Try running 'net cache flush'

Rowland
Łukasz Michalski
2019-Jul-18 19:39 UTC
[Samba] getent passwd shows old name for renamed user
On 2019-07-18 at 21:22, Rowland penny via samba wrote:
> On 18/07/2019 20:20, Łukasz Michalski via samba wrote:
>> On 2019-07-18 at 18:46, Rowland penny via samba wrote:
>>
>> I changed uid, sAMAccountName, msFU30Name from 'foo' to 'bar' using
>> ADUC attribute editor. Now I have 'bar' instead of 'foo' in LDAP
>> attributes. I double checked that attributes changed with ldbsearch
>> on Samba AD.
>>
>> But getent passwd still shows 'foo' on first machine.
>>
>> Regards,
>> Łukasz
>>
>>
> Try running 'net cache flush'
>
> Rowland
>

Still nothing. I also restarted samba on AD machine and winbind on first machine (member)
There was a pause when running getent passwd but 'foo' is still returned.

Łukasz
Łukasz Michalski
2019-Jul-18 20:13 UTC
[Samba] getent passwd shows old name for renamed user
On 2019-07-18 at 21:39, Łukasz Michalski via samba wrote:
> On 2019-07-18 at 21:22, Rowland penny via samba wrote:
>
>> On 18/07/2019 20:20, Łukasz Michalski via samba wrote:
>>> On 2019-07-18 at 18:46, Rowland penny via samba wrote:
>>>
>>> I changed uid, sAMAccountName, msFU30Name from 'foo' to 'bar' using
>>> ADUC attribute editor. Now I have 'bar' instead of 'foo' in LDAP
>>> attributes. I double checked that attributes changed with ldbsearch
>>> on Samba AD.
>>>
>>> But getent passwd still shows 'foo' on first machine.
>>>
>>> Regards,
>>> Łukasz
>>>
>>>
>> Try running 'net cache flush'
>>
>> Rowland
>>
> Still nothing. I also restarted samba on AD machine and winbind on
> first machine (member)
> There was a pause when running getent passwd but 'foo' is still returned.
>
>

Ok, found it.

I did lsof on winbind and found 'foo' entry in /var/cache/samba/netsamlogon_cache.tdb with tdbtool.

Next I do:

    net cache samlogon list
    net cache samlogon delete <SID>

Now getent passwd returns new name.

The difference between two unix members was I connected to share on the first one (where the problem was) and did not connect on second node, so there was no old name in samlogon cache.

Regards,
Łukasz
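The samlogon cache cleanup from the last message, as a dry-run helper that finds the SID still cached under the old account name. This is an added example, not part of the thread; it assumes `net cache samlogon list` prints one entry per line as SID, DOMAIN\name and timestamp after a header, and the function names and sample listing are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed listing format: a header line,
# a dashed separator, then "<SID> <DOMAIN\name> <when cached>" per entry.

# Constructed sample of the assumed 'net cache samlogon list' output.
sample_listing() {
cat <<'EOF'
SID                                                Name                                       When cached
---------------------------------------------------------------------------
S-1-5-21-1111111111-2222222222-3333333333-1104     SAMDOM\foo                                 Thu Jul 18 19:02:11 2019
S-1-5-21-1111111111-2222222222-3333333333-1105     SAMDOM\foobar                              Thu Jul 18 19:05:40 2019
S-1-5-21-1111111111-2222222222-3333333333-500      SAMDOM\Administrator                       Wed Jul 17 08:15:03 2019
EOF
}

# stale_samlogon_sids OLD_NAME
# Reads a listing on stdin and prints the SID of every cached entry whose
# account name equals OLD_NAME (domain prefix ignored, case-insensitive,
# exact match so 'foo' does not also select 'foobar').
stale_samlogon_sids() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        # Header and separator lines do not start with a well-formed SID.
        $1 ~ /^S-1-[0-9]+(-[0-9]+)+$/ {
            name = $2
            sub(/^.*\\/, "", name)          # strip the "DOMAIN\" prefix
            if (tolower(name) == want) print $1
        }
    '
}

# print_delete_commands OLD_NAME
# Dry run: prints the delete command for each match so it can be reviewed
# before being run as root on the affected domain member.
print_delete_commands() {
    stale_samlogon_sids "$1" | while read -r sid; do
        printf 'net cache samlogon delete %s\n' "$sid"
    done
}

# Demonstration on the constructed listing. On a real member the input would
# be:  net cache samlogon list | print_delete_commands foo
sample_listing | print_delete_commands foo
```
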