samba - Jan 2024 - A computer in the Domain got stuck with and old username

On Mon, 29 Jan 2024 21:11:55 +0100
"Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:
> 
> On Mon-29-Jan-2024 19:51, Rowland Penny via samba wrote:
> > On Mon, 29 Jan 2024 19:18:36 +0100
> > "Dr. Nicola Mingotti via samba" <samba at
lists.samba.org> wrote:
> >
> >> Hi all,
> >>
> >> ==== SETUP ===> >> I have a samba AC/DC in Debian stable.
Several Windows client and a
> >> few Linux/Debian-stable client in the domain, one of those client
> >> is called CORE1 and it is giving problems.
> >>
> >> ==== THE FACT ===> >> 2 weeks ago i changed all the
Domain user names to a standardized
> >> "name.lastname"
> >>
> >> ==== PROBLEM ===> >> One computer, CORE1, which runs
Jupyter, got stuck with an old
> >> username. To be more precise, my old username was
'WINDOM\nicola',
> >> my new username is 'WINDOM\nicola.mingotti'.
> >> CORE1 does not see the new user and still things
'WINDOM\nicola' is
> >> available.
> >>
> >> ==== WAHT I SEE ===> >> . From 2 computers in the Domain,
CORE1 and NAS, NAS is right,
> >> CORE1 is wrong
> >> foo at core1> getent passwd | grep nic
> >> WINDOM\nicola:*:11103:10513::/home/WINDOM-nicola:/bin/bash
> >>
> >> foo at nas> getent passwd | grep nic
> >> WINDOM\nicola.mingotti:*:11103:10513:Nicola
> >> Mingotti:/home/WINDOM-nicola.mingotti:/bin/bash
> >>
> >> === WHAT I TRIED ===> >> 1] I tried to get out from the
domain and in again => not working
> >> foo at core1> sudo net ads leave -U XXX
> >> foo at core1> suod net ads join -U XXX
> >>
> >> 2] I tried to inspect with opensnoop what getent is looking at
> >> $> sudo opensnoop-bpfcc
> >> I saw some systemd got involved so i changed nsswitch.conf like
> >> this and reboot
> >> ---- /etc/nsswitch.conf ------
> >> passwd:???????? files winbind??? # before has also systemd
> >> group:????????? files winbind??? # before had also systemd
> >> shadow:???????? files
> >> -------------------------------
> >>
> >> After every major change I rebooted.
> >>
> >> Do you have any ideas ? I am stuck
> >>
> >> bye
> >> Nicola
> > Have you tried running 'net cache flush' (as root) on core1 ?
> >
> > Rowland
> >
> >
> >
> 
> Hi Rowland,
> thank you for the suggestion, i tried, also rebooted, it does not
> make it. user 'WINDOM\nicola' is still happily there.
> 
Have you checked that the rename has actually worked, easiest way is by
using samba-tool on the DC:

sudo samba-tool user show nicola

Or:

sudo samba-tool user show nicola.mingotti

One of those should display the users AD objects.

Rowland

PS, Please do not 'CC' me, just reply to the list.

On Mon-29-Jan-2024 21:22, Rowland Penny via samba wrote:
> On Mon, 29 Jan 2024 21:11:55 +0100
> "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:
>
>> On Mon-29-Jan-2024 19:51, Rowland Penny via samba wrote:
>>> On Mon, 29 Jan 2024 19:18:36 +0100
>>> "Dr. Nicola Mingotti via samba" <samba at
lists.samba.org> wrote:
>>>
>>>> Hi all,
>>>>
>>>> ==== SETUP ===>>>> I have a samba AC/DC in Debian
stable. Several Windows client and a
>>>> few Linux/Debian-stable client in the domain, one of those
client
>>>> is called CORE1 and it is giving problems.
>>>>
>>>> ==== THE FACT ===>>>> 2 weeks ago i changed all the
Domain user names to a standardized
>>>> "name.lastname"
>>>>
>>>> ==== PROBLEM ===>>>> One computer, CORE1, which
runs Jupyter, got stuck with an old
>>>> username. To be more precise, my old username was
'WINDOM\nicola',
>>>> my new username is 'WINDOM\nicola.mingotti'.
>>>> CORE1 does not see the new user and still things
'WINDOM\nicola' is
>>>> available.
>>>>
>>>> ==== WAHT I SEE ===>>>> . From 2 computers in the
Domain, CORE1 and NAS, NAS is right,
>>>> CORE1 is wrong
>>>> foo at core1> getent passwd | grep nic
>>>> WINDOM\nicola:*:11103:10513::/home/WINDOM-nicola:/bin/bash
>>>>
>>>> foo at nas> getent passwd | grep nic
>>>> WINDOM\nicola.mingotti:*:11103:10513:Nicola
>>>> Mingotti:/home/WINDOM-nicola.mingotti:/bin/bash
>>>>
>>>> === WHAT I TRIED ===>>>> 1] I tried to get out from
the domain and in again => not working
>>>> foo at core1> sudo net ads leave -U XXX
>>>> foo at core1> suod net ads join -U XXX
>>>>
>>>> 2] I tried to inspect with opensnoop what getent is looking at
>>>> $> sudo opensnoop-bpfcc
>>>> I saw some systemd got involved so i changed nsswitch.conf like
>>>> this and reboot
>>>> ---- /etc/nsswitch.conf ------
>>>> passwd:???????? files winbind??? # before has also systemd
>>>> group:????????? files winbind??? # before had also systemd
>>>> shadow:???????? files
>>>> -------------------------------
>>>>
>>>> After every major change I rebooted.
>>>>
>>>> Do you have any ideas ? I am stuck
>>>>
>>>> bye
>>>> Nicola
>>> Have you tried running 'net cache flush' (as root) on core1
?
>>>
>>> Rowland
>>>
>>>
>>>
>> Hi Rowland,
>> thank you for the suggestion, i tried, also rebooted, it does not
>> make it. user 'WINDOM\nicola' is still happily there.
>>
> Have you checked that the rename has actually worked, easiest way is by
> using samba-tool on the DC:
>
> sudo samba-tool user show nicola
>
> Or:
>
> sudo samba-tool user show nicola.mingotti
>
> One of those should display the users AD objects.
>
> Rowland
>
> PS, Please do not 'CC' me, just reply to the list.
>
>
>
Done, it says what I would expect, the Domain Controller name is DC1

foo at dc1> sudo samba-tool user show nicola
ERROR: Failed to get password for user 'nicola': Unable to find user 
"nicola"

foo at dc1> sudo samba-tool user show nicola.mingotti
dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
instanceType: 4
whenCreated: 20201106233854.0Z
uSNCreated: 5253
objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f
userAccountControl: 66048
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103
accountExpires: 9223372036854775807
sAMAccountType: 805306368
lockoutTime: 0
objectCategory: 
CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan
msDS-SupportedEncryptionTypes: 0
mail: nicola.mingotti at borghigroup.it
memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan
pwdLastSet: 133362324193280840
userPrincipalName: nicola.mingotti at windom.borghi.lan
displayName: Nicola Mingotti
givenName: Nicola
sn: Mingotti
sAMAccountName: nicola.mingotti
cn: nicola.mingotti
name: nicola.mingotti
lastLogonTimestamp: 133504325545005320
whenChanged: 20240122212914.0Z
uSNChanged: 164460
lastLogon: 133510311606091920
logonCount: 346
distinguishedName: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan


Nicola