Łukasz Michalski
2019-Jul-18 20:13 UTC
[Samba] getent passwd shows old name for renamed user
On 2019-07-18 at 21:39, Łukasz Michalski via samba wrote:
> On 2019-07-18 at 21:22, Rowland penny via samba wrote:
>
>> On 18/07/2019 20:20, Łukasz Michalski via samba wrote:
>>> On 2019-07-18 at 18:46, Rowland penny via samba wrote:
>>>
>>> I changed uid, sAMAccountName, msFU30Name from 'foo' to 'bar' using
>>> ADUC attribute editor. Now I have 'bar' instead of 'foo' in LDAP
>>> attributes. I double checked that attributes changed with ldbsearch
>>> on Samba AD.
>>>
>>> But getent passwd still shows 'foo' on first machine.
>>>
>>> Regards,
>>> Łukasz
>>>
>> Try running 'net cache flush'
>>
>> Rowland
>>
> Still nothing. I also restarted samba on AD machine and winbind on
> first machine (member)
> There was a pause when running getent passwd but 'foo' is still returned.
>

Ok, found it.

I did lsof on winbind and found 'foo' entry in /var/cache/samba/netsamlogon_cache.tdb with tdbtool.

Next I do:

net cache samlogon list
net cache samlogon delete <SID>

Now getent passwd returns new name.

The difference between two unix members was I connected to share on the first one (where the problem was) and did not connect on second node, so there was no old name in samlogon cache.

Regards,
Łukasz
On 18/07/2019 21:13, Łukasz Michalski via samba wrote:
> On 2019-07-18 at 21:39, Łukasz Michalski via samba wrote:
>> On 2019-07-18 at 21:22, Rowland penny via samba wrote:
>>
>>> On 18/07/2019 20:20, Łukasz Michalski via samba wrote:
>>>> On 2019-07-18 at 18:46, Rowland penny via samba wrote:
>>>>
>>>> I changed uid, sAMAccountName, msFU30Name from 'foo' to 'bar' using
>>>> ADUC attribute editor. Now I have 'bar' instead of 'foo' in LDAP
>>>> attributes. I double checked that attributes changed with ldbsearch
>>>> on Samba AD.
>>>>
>>>> But getent passwd still shows 'foo' on first machine.
>>>>
>>>> Regards,
>>>> Łukasz
>>>>
>>> Try running 'net cache flush'
>>>
>>> Rowland
>>>
>> Still nothing. I also restarted samba on AD machine and winbind on
>> first machine (member)
>> There was a pause when running getent passwd but 'foo' is still
>> returned.
>>
> Ok, found it.
>
> I did lsof on winbind and found 'foo' entry in
> /var/cache/samba/netsamlogon_cache.tdb with tdbtool.
>
> Next I do:
>
> net cache samlogon list
> net cache samlogon delete <SID>
>
> Now getent passwd returns new name.
>
> The difference between two unix members was I connected to share on the
> first one (where the problem was) and did not connect on second node,
> so there was no old name in samlogon cache.
>
> Regards,
> Łukasz
>

Do you have Unix users with the same names as AD users?

To be precise, is there a user called 'foo' in /etc/passwd and in AD?

Rowland
Łukasz Michalski
2019-Jul-18 20:28 UTC
[Samba] getent passwd shows old name for renamed user
On 2019-07-18 at 22:23, Rowland penny via samba wrote:
>> Ok, found it.
>>
>> I did lsof on winbind and found 'foo' entry in
>> /var/cache/samba/netsamlogon_cache.tdb with tdbtool.
>>
>> Next I do:
>>
>> net cache samlogon list
>> net cache samlogon delete <SID>
>>
>> Now getent passwd returns new name.
>>
>> The difference between two unix members was I connected to share on
>> the first one (where the problem was) and did not connect on second
>> node, so there was no old name in samlogon cache.
>>
>> Regards,
>> Łukasz
>>
> Do you have Unix users with the same names as AD users?
>
> To be precise, is there a user called 'foo' in /etc/passwd and in AD?
>
> Rowland
>

No, there is no unix user with the same (old and new) name.

Everything was correct in the passwd line (uid number, shell, home dir, full name) besides the user name, which was taken from samlogon cache.

Regards,
Łukasz