Web lists-archives.com

Re: [Samba] Got "I have no name!" error after deleting a samba user whose username is identical to the AD user




Hi,

Thanks for your quick response.

Now I come to a better understanding about Samba and how AD works.

I wonder is there any quick fix for the "I have no name!" problem. Because
I cannot login Ubuntu via SSH.
Now I have to use another user and use `su zhangyy` to use my user.

One more question, is there a proper way to let the AD user shares its home
directory on Samba using the same password?

Thanks for your time and consideration.


2018-05-24 4:34 GMT+08:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Thu, 24 May 2018 04:00:27 +0800
> Yangyang Zhang via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> >  Hi,
> >
> > I am running Samba 4.3.11-Ubuntu on a cluster of Ubuntu 16.04 and
> > Samba is configured as an AD Server.
>
> No it isn't, it is configured as a Unix domain member ;-)
> Also, please define 'cluster'
>

It is a research cluster with 64 high-end machines running Ubuntu 16.04
each. The cluster is shared by many students. There is another windows AD
server and samba on Ubuntu is configured to use AD auth and creates users
for each student.


> >
> > I got "I have no name!" error after deleting a samba user whose
> > username is identical to my Linux username (An AD user).
> >
> > Here is how this happens:
> >
> > The AD user is zhangyy (uid 12369).
> >
> > 1. We used `smbpasswd -a zhangyy` to created a new smb user.
>
> Please give up doing this, you shouldn't be doing this, please use
> 'samba-tool user create zhangyy Pa$$w0rd*' if the AD DC is a Samba one,
> if it is a windows DC, use RSAT.
>
> > 2. We used `smbpasswd -x zhangyy` to delete the newly created smb
> > user.
>
> Again, use samba-tool or RSAT.
>


> >
> > After doing this, I lost my username, and got the "I have no name!"
> > error. and id command showed "no such user" error. But I can get my
> > username by the micro $USER. It is weird.
> >
> > After searching on Google for a while, I came to understand that
> > idmapping may be the problem.
>
> Possibly, but you have a bigger problem, you say you have a samba user
> and a Linux user that is stored in AD. You should only have an AD user
> that is also a Unix user, forget the Samba user, it is the old way of
> doing things.
>
> >
> > Here are some useful outputs of wbinfo:
> >
> >
> > > I have no name!@bd21:~$ id
> > >
> > > uid=12369 gid=10513(domain users) groups=10513(domain
> > >> users),12369(zhangyy),14222(certsvc_dcom_access),1000002(
> BUILTIN\users)
>
> Hmm, you also seem to have a group called 'zhangyy', this isn't allowed
> with AD.
>
> > >
> > > I have no name!@bd21:~$ wbinfo -n zhangyy
> > >
> > > S-1-5-21-2473489792-1370047036-1446391509-2369 SID_USER (1)
> > >
> > > I have no name!@bd21:~$ wbinfo --uid-to-sid=12369
> > >
> > > S-1-5-21-3437994910-1777336544-1996716333-1009
> > >
> > > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
> > >> 3437994910-1777336544-1996716333-1009
> > >
> > > 12369
> > >
> > > I have no name!@bd21:~$ wbinfo --sid-to-name=S-1-5-21-
> > >> 3437994910-1777336544-1996716333-1009
> > >
> > > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > >
> > > Could not lookup sid S-1-5-21-3437994910-1777336544-1996716333-1009
> > >
> > > I have no name!@bd21:~$ wbinfo --sid-to-uid=S-1-5-21-
> > >> 2473489792-1370047036-1446391509-2369
> > >
> > > 12369
> > >
> > >
> > >
> > The sid of my user differed from that on the AD server. And the
> > current sid cannot be mapped to the name. (Is this the cause of
> > losing my name)
> >
> >  And I tried to fix the mapping by the following command but failed.
> >
> > I have no name!@bd21:~$ wbinfo --set-uid-mapping=12369,S-1-5-
> > >> 21-2473489792-1370047036-1446391509-2369
> > >
> > > failed to call wbcSetUidMapping: WBC_ERR_NOT_IMPLEMENTED
> > >
> > > Could not create or modify uid to sid mapping
> > >
> > >
> > I also tried to delete winbindd_idmap.tdb and restart the computer
> > but this did not fix the uid-sid mapping.
> >
> > And I also found that deleting a smb user whose username is identical
> > to an AD user will change AD user's sid (maybe locally?). But I don't
> > know if this is the cause of the problem.
>
> No the problem is that you don't understand how AD works, you only
> store a user in AD and then make that user a Unix user.
>
> >
> > I have put the smb.conf at the end of this email. And I need your
> > help to fix the problem.
> >
> > Thank you very much.
> >
> >
> > smb.conf
> >
> > [global]
> > >
> > >         security = ads
> > >
> > >         realm = LAB.ACT.BUAA.EDU.CN <http://lab.act.buaa.edu.cn/>
> > >
> > > # If the system doesn't find the domain controller automatically,
> > > you may
> > >> need the following line
>
> You could paraphrase that commented line as 'If you need the following
> line, you have BIG problems'
>
> > >         password server = 192.168.0.3
>
> Or in other words, you should remove the above line and let Samba find
> the AD DC
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba