On Wed, 2022-04-27 at 15:20 -0300, Carlos via samba
wrote:> Hi!
>
> smb.conf
>
>
> [global]
> workgroup = XXXX
> realm = GRUPO.XXXX.COM.BR
>
>
>
> security = ADS
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config XXXX : backend = rid
> idmap config XXXX : range = 100000-999999
>
>
> allow trusted domains = yes
> winbind use default domain = yes
> winbind refresh tickets = Yes
> winbind offline logon = no
> winbind cache time = 60
>
> winbind enum users = yes
> winbind enum groups = yes
>
> template shell = /bin/bash
> template homedir = /home/%U
>
> map to guest = bad user
> guest ok = yes
>
>
> Yes, i trie any porcess, like:
>
> hat I already did, but if successful:
>
> service winbind stop
> service smbd stop
> service nmbd stop
>
> net cache flush
> rm -f /var/lib/samba/*.tdb
> rm -f /var/lib/samba/group_mapping.ldb
> net ads join -U Administrator
> service smbd start
> service nmbd start
>
> service winbind start
You should only need to flush the cache, there should be no need to
delete tdb's and rejoin the domain.
I think I know what is going on here, when you rename a user on
Windows, it doesn't rename everything. The latest Samba versions now
have 'samba-tool user rename' and its usage is this:
Usage: samba-tool user rename <username> [options]
Rename a user and related attributes.
This command allows to set the user's name related attributes. The
user's
CN will be renamed automatically.
The user's new CN will be made up by combining the given-name, initials
and surname. A dot ('.') will be appended to the initials automatically
if required.
Use the --force-new-cn option to specify the new CN manually and the
--reset-cn option to reset this change.
Use an empty attribute value to remove the specified attribute.
The username specified on the command is the sAMAccountName.
The command may be run locally from the root userid or another
authorized
userid.
The -H or --URL= option can be used to execute the command against a
remote
server.
Example1:
samba-tool user rename johndoe --surname='Bloggs'
Example1 shows how to change the surname of a user 'johndoe' to
'Bloggs' on
the local server. The user's CN will be renamed automatically, based on
the given name, initials and surname.
Example2:
samba-tool user rename johndoe --force-new-cn='John Bloggs (Sales)' \
--surname=Bloggs -H ldap://samba.samdom.example.com -U
administrator
Example2 shows how to rename the CN of a user 'johndoe' to 'John
Bloggs
(Sales)'.
Additionally the surname ('sn' attribute) is set to 'Bloggs'.
The -H parameter is used to specify the remote target server.
Options:
-h, --help show this help message and exit
-H URL, --URL=URL LDB URL for database or target server
--surname=SURNAME New surname
--given-name=GIVEN_NAME
New given name
--initials=INITIALS New initials
--force-new-cn=NEW_CN
Specify a new CN (RDN) instead of using a
combination
of the given name, initials and surname.
--reset-cn Set the CN (RDN) to the combination of the
given name,
initials and surname. Use this option to reset
the
changes made with the --force-new-cn option.
--display-name=DISPLAY_NAME
New display name
--mail-address=MAIL_ADDRESS
New email address
--samaccountname=SAMACCOUNTNAME
New account name (sAMAccountName/logon name)
--upn=UPN New user principal name
Rowland