Web lists-archives.com

[Samba] Restore a user?




[As a separate thread, I am going to do  post mortem of how I got here - and what not to do. I have a locked computer logged in as this user - need to unlock and access unsaved content.]

I either need to resore the user or create a new user of the same name and sid.

I am using Version 4.8.2 - commit e64d0d03351ce8fbc1f929fa86dcfd8d56183f35 .

Names have been changed to protect the guilty.

# ldbrename -e nano -H /usr/local/samba/private/sam.ldb  'CN=username\0ADEL:efefde21-48da-4fb0-b47c-9eafcefc45fe,CN=Deleted Objects,DC=domain' CN=username,CN=Users,DC=domain
rename of 'CN=username\0ADEL:efefde21-48da-4fb0-b47c-9eafcefc45fe,CN=Deleted Objects,DC=domain' to 'CN=username,CN=Users,DC=domain' failed - ldb_wait from ldb_rename with LDB_WAIT_ALL: No such object (32)

Reading https://bugzilla.samba.org/show_bug.cgi?id=10371 says this is due to "where restoring an object would cause a duplicate DN". I have checked within my limits, there are not duplicate target DNs.

Selected attributes from the record are:

dn: CN=username\0ADEL:efefde21-48da-4fb0-b47c-9eafcefc45fe,CN=Deleted Objects,DC=domain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
isDeleted: TRUE
isRecycled: TRUE

Am I having issues because of isRecycled ? - https://bugzilla.samba.org/show_bug.cgi?id=10371 says: "Recycle bin is not a supported feature right now" and "After reading this, I provisioned a new domain _and did not enable the recycle bin_. In this case the ldbmodify works like you described it in the Wiki. It would be great if you could get it working with recycle bin enabled too."

Things I read which do not seem to get me very far:

* http://redtic.uclv.cu/dokuwiki/restoring_deleted_ad_objects
* https://lists.samba.org/archive/samba/2017-August/210589.html
* https://www.google.com/search?q=ldbrename+deleted+object
* https://wiki.samba.org/index.php/User_and_Group_management
* https://wiki.samba.org/index.php/Adding_users_with_samba_tool
* https://www.bing.com/search?q=show+user+sid&rlz=1C1CHZL_enUS740US743&oq=show+user+sid&aqs=chrome..69i57j69i60j0l4.3635j0j7&sourceid=chrome&ie=UTF-8
* https://superuser.com/questions/862802/how-to-change-samba-user-sid
* https://www.google.com/search?q=wiki+samba+active+directory+recycle+bin

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba