thr3ads.net - samba - [Samba] A computer in the Domain got stuck with and old username [Jan 2024]

If this information is useful, please help other people find it:
Share via:

Dr. Nicola Mingotti

2024-Jan-29 21:07 UTC

[Samba] A computer in the Domain got stuck with and old username

On Mon-29-Jan-2024 21:22, Rowland Penny via samba wrote:> On Mon, 29 Jan 2024 21:11:55 +0100
> "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:
>
>> On Mon-29-Jan-2024 19:51, Rowland Penny via samba wrote:
>>> On Mon, 29 Jan 2024 19:18:36 +0100
>>> "Dr. Nicola Mingotti via samba" <samba at
lists.samba.org> wrote:
>>>
>>>> Hi all,
>>>>
>>>> ==== SETUP ===>>>> I have a samba AC/DC in Debian
stable. Several Windows client and a
>>>> few Linux/Debian-stable client in the domain, one of those
client
>>>> is called CORE1 and it is giving problems.
>>>>
>>>> ==== THE FACT ===>>>> 2 weeks ago i changed all the
Domain user names to a standardized
>>>> "name.lastname"
>>>>
>>>> ==== PROBLEM ===>>>> One computer, CORE1, which
runs Jupyter, got stuck with an old
>>>> username. To be more precise, my old username was
'WINDOM\nicola',
>>>> my new username is 'WINDOM\nicola.mingotti'.
>>>> CORE1 does not see the new user and still things
'WINDOM\nicola' is
>>>> available.
>>>>
>>>> ==== WAHT I SEE ===>>>> . From 2 computers in the
Domain, CORE1 and NAS, NAS is right,
>>>> CORE1 is wrong
>>>> foo at core1> getent passwd | grep nic
>>>> WINDOM\nicola:*:11103:10513::/home/WINDOM-nicola:/bin/bash
>>>>
>>>> foo at nas> getent passwd | grep nic
>>>> WINDOM\nicola.mingotti:*:11103:10513:Nicola
>>>> Mingotti:/home/WINDOM-nicola.mingotti:/bin/bash
>>>>
>>>> === WHAT I TRIED ===>>>> 1] I tried to get out from
the domain and in again => not working
>>>> foo at core1> sudo net ads leave -U XXX
>>>> foo at core1> suod net ads join -U XXX
>>>>
>>>> 2] I tried to inspect with opensnoop what getent is looking at
>>>> $> sudo opensnoop-bpfcc
>>>> I saw some systemd got involved so i changed nsswitch.conf like
>>>> this and reboot
>>>> ---- /etc/nsswitch.conf ------
>>>> passwd:???????? files winbind??? # before has also systemd
>>>> group:????????? files winbind??? # before had also systemd
>>>> shadow:???????? files
>>>> -------------------------------
>>>>
>>>> After every major change I rebooted.
>>>>
>>>> Do you have any ideas ? I am stuck
>>>>
>>>> bye
>>>> Nicola
>>> Have you tried running 'net cache flush' (as root) on core1
?
>>>
>>> Rowland
>>>
>>>
>>>
>> Hi Rowland,
>> thank you for the suggestion, i tried, also rebooted, it does not
>> make it. user 'WINDOM\nicola' is still happily there.
>>
> Have you checked that the rename has actually worked, easiest way is by
> using samba-tool on the DC:
>
> sudo samba-tool user show nicola
>
> Or:
>
> sudo samba-tool user show nicola.mingotti
>
> One of those should display the users AD objects.
>
> Rowland
>
> PS, Please do not 'CC' me, just reply to the list.
>
>
>
Done, it says what I would expect, the Domain Controller name is DC1

foo at dc1> sudo samba-tool user show nicola
ERROR: Failed to get password for user 'nicola': Unable to find user 
"nicola"

foo at dc1> sudo samba-tool user show nicola.mingotti
dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
instanceType: 4
whenCreated: 20201106233854.0Z
uSNCreated: 5253
objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f
userAccountControl: 66048
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103
accountExpires: 9223372036854775807
sAMAccountType: 805306368
lockoutTime: 0
objectCategory: 
CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan
msDS-SupportedEncryptionTypes: 0
mail: nicola.mingotti at borghigroup.it
memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan
memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan
pwdLastSet: 133362324193280840
userPrincipalName: nicola.mingotti at windom.borghi.lan
displayName: Nicola Mingotti
givenName: Nicola
sn: Mingotti
sAMAccountName: nicola.mingotti
cn: nicola.mingotti
name: nicola.mingotti
lastLogonTimestamp: 133504325545005320
whenChanged: 20240122212914.0Z
uSNChanged: 164460
lastLogon: 133510311606091920
logonCount: 346
distinguishedName: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan


Nicola

Rowland Penny

2024-Jan-29 21:39 UTC

head link

[Samba] A computer in the Domain got stuck with and old username

On Mon, 29 Jan 2024 22:07:36 +0100
"Dr. Nicola Mingotti" <nmingotti at gmail.com>
wrote:> Done, it says what I would expect, the Domain Controller name is DC1
> 
> foo at dc1> sudo samba-tool user show nicola
> ERROR: Failed to get password for user 'nicola': Unable to find
user
> "nicola"
> 
> foo at dc1> sudo samba-tool user show nicola.mingotti
> dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> instanceType: 4
> whenCreated: 20201106233854.0Z
> uSNCreated: 5253
> objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103
> accountExpires: 9223372036854775807
> sAMAccountType: 805306368
> lockoutTime: 0
> objectCategory: 
> CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan
> msDS-SupportedEncryptionTypes: 0
> mail: nicola.mingotti at borghigroup.it
> memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan
> memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan
> pwdLastSet: 133362324193280840
> userPrincipalName: nicola.mingotti at windom.borghi.lan
> displayName: Nicola Mingotti
> givenName: Nicola
> sn: Mingotti
> sAMAccountName: nicola.mingotti
> cn: nicola.mingotti
> name: nicola.mingotti
> lastLogonTimestamp: 133504325545005320
> whenChanged: 20240122212914.0Z
> uSNChanged: 164460
> lastLogon: 133510311606091920
> logonCount: 346
> distinguishedName:
> CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan
Everything looks like it should be, so why doesn't it work on one
machine ?
It looks like it is 'cached' somewhere, which, if it was a Samba cache,
'net cache flush' should clear. I wonder if nscd is also running, this
can interfere with Samba, so if it is, stop it and ensure it doesn't
start again.

Rowland

Possibly Parallel Threads

Search for more reasonably related threads

samba - Jan 2024 - A computer in the Domain got stuck with and old username

[Samba] A computer in the Domain got stuck with and old username

[Samba] A computer in the Domain got stuck with and old username

Possibly Parallel Threads