Dr. Nicola Mingotti
2024-Jan-29 21:07 UTC
[Samba] A computer in the Domain got stuck with and old username
On Mon-29-Jan-2024 21:22, Rowland Penny via samba wrote:> On Mon, 29 Jan 2024 21:11:55 +0100 > "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote: > >> On Mon-29-Jan-2024 19:51, Rowland Penny via samba wrote: >>> On Mon, 29 Jan 2024 19:18:36 +0100 >>> "Dr. Nicola Mingotti via samba" <samba at lists.samba.org> wrote: >>> >>>> Hi all, >>>> >>>> ==== SETUP ===>>>> I have a samba AC/DC in Debian stable. Several Windows client and a >>>> few Linux/Debian-stable client in the domain, one of those client >>>> is called CORE1 and it is giving problems. >>>> >>>> ==== THE FACT ===>>>> 2 weeks ago i changed all the Domain user names to a standardized >>>> "name.lastname" >>>> >>>> ==== PROBLEM ===>>>> One computer, CORE1, which runs Jupyter, got stuck with an old >>>> username. To be more precise, my old username was 'WINDOM\nicola', >>>> my new username is 'WINDOM\nicola.mingotti'. >>>> CORE1 does not see the new user and still things 'WINDOM\nicola' is >>>> available. >>>> >>>> ==== WAHT I SEE ===>>>> . From 2 computers in the Domain, CORE1 and NAS, NAS is right, >>>> CORE1 is wrong >>>> foo at core1> getent passwd | grep nic >>>> WINDOM\nicola:*:11103:10513::/home/WINDOM-nicola:/bin/bash >>>> >>>> foo at nas> getent passwd | grep nic >>>> WINDOM\nicola.mingotti:*:11103:10513:Nicola >>>> Mingotti:/home/WINDOM-nicola.mingotti:/bin/bash >>>> >>>> === WHAT I TRIED ===>>>> 1] I tried to get out from the domain and in again => not working >>>> foo at core1> sudo net ads leave -U XXX >>>> foo at core1> suod net ads join -U XXX >>>> >>>> 2] I tried to inspect with opensnoop what getent is looking at >>>> $> sudo opensnoop-bpfcc >>>> I saw some systemd got involved so i changed nsswitch.conf like >>>> this and reboot >>>> ---- /etc/nsswitch.conf ------ >>>> passwd:???????? files winbind??? # before has also systemd >>>> group:????????? files winbind??? # before had also systemd >>>> shadow:???????? files >>>> ------------------------------- >>>> >>>> After every major change I rebooted. >>>> >>>> Do you have any ideas ? I am stuck >>>> >>>> bye >>>> Nicola >>> Have you tried running 'net cache flush' (as root) on core1 ? >>> >>> Rowland >>> >>> >>> >> Hi Rowland, >> thank you for the suggestion, i tried, also rebooted, it does not >> make it. user 'WINDOM\nicola' is still happily there. >> > Have you checked that the rename has actually worked, easiest way is by > using samba-tool on the DC: > > sudo samba-tool user show nicola > > Or: > > sudo samba-tool user show nicola.mingotti > > One of those should display the users AD objects. > > Rowland > > PS, Please do not 'CC' me, just reply to the list. > > >Done, it says what I would expect, the Domain Controller name is DC1 foo at dc1> sudo samba-tool user show nicola ERROR: Failed to get password for user 'nicola': Unable to find user "nicola" foo at dc1> sudo samba-tool user show nicola.mingotti dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user instanceType: 4 whenCreated: 20201106233854.0Z uSNCreated: 5253 objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f userAccountControl: 66048 codePage: 0 countryCode: 0 primaryGroupID: 513 objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103 accountExpires: 9223372036854775807 sAMAccountType: 805306368 lockoutTime: 0 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan msDS-SupportedEncryptionTypes: 0 mail: nicola.mingotti at borghigroup.it memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan pwdLastSet: 133362324193280840 userPrincipalName: nicola.mingotti at windom.borghi.lan displayName: Nicola Mingotti givenName: Nicola sn: Mingotti sAMAccountName: nicola.mingotti cn: nicola.mingotti name: nicola.mingotti lastLogonTimestamp: 133504325545005320 whenChanged: 20240122212914.0Z uSNChanged: 164460 lastLogon: 133510311606091920 logonCount: 346 distinguishedName: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan Nicola
Rowland Penny
2024-Jan-29 21:39 UTC
[Samba] A computer in the Domain got stuck with and old username
On Mon, 29 Jan 2024 22:07:36 +0100 "Dr. Nicola Mingotti" <nmingotti at gmail.com> wrote:> Done, it says what I would expect, the Domain Controller name is DC1 > > foo at dc1> sudo samba-tool user show nicola > ERROR: Failed to get password for user 'nicola': Unable to find user > "nicola" > > foo at dc1> sudo samba-tool user show nicola.mingotti > dn: CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lan > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > instanceType: 4 > whenCreated: 20201106233854.0Z > uSNCreated: 5253 > objectGUID: 6d1af44b-d2e6-4719-9e31-b3d15b71f59f > userAccountControl: 66048 > codePage: 0 > countryCode: 0 > primaryGroupID: 513 > objectSid: S-1-5-21-2112549936-2540803609-4198596461-1103 > accountExpires: 9223372036854775807 > sAMAccountType: 805306368 > lockoutTime: 0 > objectCategory: > CN=Person,CN=Schema,CN=Configuration,DC=windom,DC=borghi,DC=lan > msDS-SupportedEncryptionTypes: 0 > mail: nicola.mingotti at borghigroup.it > memberOf: CN=g-utentiUfficio,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=g-developer,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=update-WLCS,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=g-codifica,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=g-leggiTutto,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=g-controllagiri,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=g-social-media,CN=Users,DC=windom,DC=borghi,DC=lan > memberOf: CN=g-ricerca-sviluppo,CN=Users,DC=windom,DC=borghi,DC=lan > pwdLastSet: 133362324193280840 > userPrincipalName: nicola.mingotti at windom.borghi.lan > displayName: Nicola Mingotti > givenName: Nicola > sn: Mingotti > sAMAccountName: nicola.mingotti > cn: nicola.mingotti > name: nicola.mingotti > lastLogonTimestamp: 133504325545005320 > whenChanged: 20240122212914.0Z > uSNChanged: 164460 > lastLogon: 133510311606091920 > logonCount: 346 > distinguishedName: > CN=nicola.mingotti,CN=Users,DC=windom,DC=borghi,DC=lanEverything looks like it should be, so why doesn't it work on one machine ? It looks like it is 'cached' somewhere, which, if it was a Samba cache, 'net cache flush' should clear. I wonder if nscd is also running, this can interfere with Samba, so if it is, stop it and ensure it doesn't start again. Rowland
Reasonably Related Threads
- A computer in the Domain got stuck with and old username
- SID-UID mapping issue on Samba 3.0.4 in an AD Domain
- Interdomain trust problem
- Updating samba version 4.17.5 to version 4.17.6 from Debian backports - armel architecture
- Fwd: samba-gpupdate nsswitch error