
Re: [Samba] Got "I have no name!" error after deleting a samba user whose username is identical to the AD user




On Thu, 24 May 2018 04:00:27 +0800
Yangyang Zhang via samba <samba@xxxxxxxxxxxxxxx> wrote:

>  Hi,
> 
> I am running Samba 4.3.11-Ubuntu on a cluster of Ubuntu 16.04 and
> Samba is configured as an AD Server.

No it isn't, it is configured as a Unix domain member ;-)
Also, please define 'cluster'

> 
> I got "I have no name!" error after deleting a samba user whose
> username is identical to my Linux username (An AD user).
> 
> Here is how this happens:
> 
> The AD user is zhangyy (uid 12369).
> 
> 1. We used `smbpasswd -a zhangyy` to create a new smb user.

Please give up doing this, you shouldn't be doing this, please use
'samba-tool user create zhangyy Pa$$w0rd*' if the AD DC is a Samba one,
if it is a windows DC, use RSAT.

> 2. We used `smbpasswd -x zhangyy` to delete the newly created smb
> user.

Again, use samba-tool or RSAT.

> 
> After doing this, I lost my username, and got the "I have no name!"
> error, and the id command showed a "no such user" error. But I can get my
> username by the micro $USER. It is weird.
> 
> After searching on Google for a while, I came to understand that
> idmapping may be the problem.

Possibly, but you have a bigger problem, you say you have a samba user
and a Linux user that is stored in AD. You should only have an AD user
that is also a Unix user, forget the Samba user, it is the old way of
doing things.

> 
> Here are some useful outputs of wbinfo:
> 
> 
> > I have no name!@bd21:~$ id
> >
> > uid=12369 gid=10513(domain users) groups=10513(domain users),12369(zhangyy),14222(certsvc_dcom_access),1000002(BUILTIN\users)

Hmm, you also seem to have a group called 'zhangyy', this isn't allowed
with AD.

> >
> > I have no name!@bd21:~$ wbinfo -n zhangyy
> >
> > S-1-5-21-2473489792-1370047036-1446391509-2369 SID_USER (1)
> >
> > I have no name!@bd21:~$ wbinfo --uid-to-sid=12369
> >
> > S-1-5-21-3437994910-1777336544-1996716333-1009
> >
> > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-3437994910-1777336544-1996716333-1009
> >
> > 12369
> >
> > I have no name!@bd21:~$ wbinfo --sid-to-name=S-1-5-21-3437994910-1777336544-1996716333-1009
> >
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> >
> > Could not lookup sid S-1-5-21-3437994910-1777336544-1996716333-1009
> >
> > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-2473489792-1370047036-1446391509-2369
> >
> > 12369
> >
> >
> >
> The sid of my user differed from that on the AD server. And the
> current sid cannot be mapped to the name. (Is this the cause of
> losing my name)
> 
>  And I tried to fix the mapping by the following command but failed.
> 
> I have no name!@bd21:~$ wbinfo --set-uid-mapping=12369,S-1-5-21-2473489792-1370047036-1446391509-2369
> >
> > failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
> >
> > Could not create or modify uid to sid mapping
> >
> >
> I also tried to delete winbindd_idmap.tdb and restart the computer
> but this did not fix the uid-sid mapping.
> 
> And I also found that deleting a smb user whose username is identical
> to an AD user will change AD user's sid (maybe locally?). But I don't
> know if this is the cause of the problem.

No, the problem is that you don't understand how AD works, you only
store a user in AD and then make that user a Unix user.
 
> 
> I have put the smb.conf at the end of this email. And I need your
> help to fix the problem.
> 
> Thank you very much.
> 
> 
> smb.conf
> 
> [global]
> >
> >         security = ads
> >
> >         realm = LAB.ACT.BUAA.EDU.CN
> >
> > # If the system doesn't find the domain controller automatically, you may need the following line

You could paraphrase that commented line as 'If you need the following
line, you have BIG problems'

> >         password server = 192.168.0.3

Or in other words, you should remove the above line and let Samba find
the AD DC

Rowland
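
An added example, not part of the original thread and not Samba code: a small Python check that walks the name -> SID -> uid -> SID round trip with the same wbinfo lookups shown in the quoted session and reports where it stops being consistent. The function names are hypothetical, `--name-to-sid` is the long form of the `-n` used in the post, and `THREAD_REPLIES` holds the replies copied from that session so the check can be run without a domain.

```python
import subprocess

# wbinfo replies copied from the session quoted in the thread, keyed by argument.
THREAD_REPLIES = {
    "--name-to-sid=zhangyy": "S-1-5-21-2473489792-1370047036-1446391509-2369 SID_USER (1)",
    "--sid-to-uid=S-1-5-21-2473489792-1370047036-1446391509-2369": "12369",
    "--uid-to-sid=12369": "S-1-5-21-3437994910-1777336544-1996716333-1009",
    "--sid-to-name=S-1-5-21-3437994910-1777336544-1996716333-1009": None,  # lookup failed
}


def run_wbinfo(arg):
    """Run the real wbinfo; return its first output line, or None on failure."""
    proc = subprocess.run(["wbinfo", arg], capture_output=True, text=True)
    out = proc.stdout.strip()
    return out.splitlines()[0] if proc.returncode == 0 and out else None


def domain_of(sid):
    """Domain part of a SID: everything before the final RID."""
    return sid.rsplit("-", 1)[0]


def check_user(name, wbinfo=run_wbinfo):
    """Return a list of inconsistencies in the name -> SID -> uid -> SID round trip."""
    findings = []
    reply = wbinfo(f"--name-to-sid={name}")
    if reply is None:
        return [f"{name}: no SID for this name"]
    sid = reply.split()[0]
    uid = wbinfo(f"--sid-to-uid={sid}")
    if uid is None:
        return [f"{name}: SID {sid} has no uid mapping"]
    back = wbinfo(f"--uid-to-sid={uid}")
    if back is None:
        findings.append(f"uid {uid}: no reverse mapping")
    elif back != sid:
        findings.append(f"uid {uid} maps back to {back}, not {sid}")
        if domain_of(back) != domain_of(sid):
            findings.append(f"{back} has a different domain prefix than {sid}")
        if wbinfo(f"--sid-to-name={back}") is None:
            findings.append(f"{back} does not resolve to a name")
    return findings


if __name__ == "__main__":
    # Replay the thread's output; call check_user("zhangyy") to query a live winbindd.
    for line in check_user("zhangyy", THREAD_REPLIES.get):
        print(line)
```
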
