Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] Strange problem with pdbedit -Lv : missing users ?

611 views
Skip to first unread message

Denis BUCHER

unread,
Dec 15, 2014, 3:30:03 PM12/15/14
to


Dear all,
I have a very strange problem with "pdbedit -Lv" under Samba 3.3.10, a
lot of users and machines are missing !

Strangely, all these missing machines and users are working perfectly
well.

The problem is that I need to get their SID to be able to migrate to a
new server...

TECHNICAL DETAILS :

* Samba 3.3.10
* Number of machines :
* Unix : 128 machines
* pdbedit -Lv | grep "Unix" | grep "\$" | wc :
* 13 machines only
* Number of users :

* Unix : 79 domain users
* pdbedit -Lv | grep "Unix" | grep -v "\$" | wc :
* 52 users only !

To be honest I don't absolutely need pdbedit to work, if I can list the
SID of all users by some other mean, it will be OK.

Any help would be greatly appreciated.

Denis

P. S. I saw somewhere that it could be due to missing Unix users, but
these users are not missing.


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Gaiseric Vandal

unread,
Dec 15, 2014, 4:10:03 PM12/15/14
to
What is the backend ? Can you use tdbdump to dump out the local account
info from samba password file?

Denis BUCHER

unread,
Dec 15, 2014, 5:10:04 PM12/15/14
to

Thank you very much for your answer.

It's the default, internal backend. (smbpasswd)

a) If I do :

tdbdump schannel_store.tdb dump | grep BWPC |grep SECRET | wc

I get 95 machines (this number looks good).

b) smbpasswd is a text file that looks good.

c) I can also do "tdbdump secrets.tdb dump"

Thanks a lot in advance for any advice,

Denis

Denis BUCHER

unread,
Dec 16, 2014, 10:20:04 AM12/16/14
to

And I must admin that I really don't know where to search.

Does someone knows where pdbedit is reading the information displayed ?

Denis

Gaiseric Vandal

unread,
Dec 16, 2014, 10:50:02 AM12/16/14
to
the testparm command will show you the location of the password file and
the backend type


e.g.

smb passwd file = /etc/samba/private/smbpasswd
passdb backend = tdbsam

The backend file should be a TDB database file , not a plain text file
(unless left over from an older version.)


You may have users or computers with duplicated SIDs. You should
also use "getent passwd" to verify that unix accounts exist for each
user and computer. Are you using winbind to automatically create unix
users for samba accounts?


you might also want to look at the log files to see what happens when a
"missing" user logs in.

Jeremy Allison

unread,
Dec 16, 2014, 12:10:02 PM12/16/14
to
On Tue, Dec 16, 2014 at 05:59:33PM +0100, Denis BUCHER wrote:
>
>
> Dear Gaiseric,
>
> Yes, according to testparm the backend is a plain text file :
>
> smb passwd file = /etc/samba/smbpasswd
> passdb backend = smbpasswd
>
> Therefore I wonder where the User SIDs are stored ?!

They are made up on the fly via algorithm from the
UNIX user id.

This is an *old* style set up. I recommend you
move to a tdb password backend.

Denis BUCHER

unread,
Dec 16, 2014, 12:10:03 PM12/16/14
to

Dear all,

This problem is not solved but just to keep you informed I found some
kind of work-around:

If I do :

# pdbedit -Lv | grep pmisth

(Nothing is shown, user is missing from pdbedit ???)

But I can do this, if I know the user exists:

# pdbedit -Lv -u pmisth | grep Unix
Unix username: pmisth

Therefore it doesn't solve the problem, but it is enough for me, as what
I need is this:

# pdbedit -Lv -u pmisth | grep "User SID"
User SID: S-1-5-21-4267546850-1930090071-418296841-3302

Denis

Denis BUCHER

unread,
Dec 16, 2014, 12:10:03 PM12/16/14
to

Le 16.12.2014 18:04, Jeremy Allison a écrit :

> On Tue, Dec 16, 2014 at 05:59:33PM +0100, Denis BUCHER wrote:
>
>> Dear Gaiseric, Yes, according to testparm the backend is a plain text file : smb passwd file = /etc/samba/smbpasswd passdb backend = smbpasswd Therefore I wonder where the User SIDs are stored ?!
>
> They are made up on the fly via algorithm from the
> UNIX user id.
>
> This is an *old* style set up. I recommend you
> move to a tdb password backend.

OK thank you for your reply.

My problem came indeed because I needed the SID to configure a new
(LDAP+Samba) replacement server :-)

Therefore I think my work-around (see other post) will be the solution
for me.

Thanks a lot !

Denis

Denis BUCHER

unread,
Dec 16, 2014, 12:10:03 PM12/16/14
to

Dear Gaiseric,

Yes, according to testparm the backend is a plain text file :

smb passwd file = /etc/samba/smbpasswd
passdb backend = smbpasswd

Therefore I wonder where the User SIDs are stored ?!

About "getent passwd", yes all users (active users at least) have a Unix
account.

About the users that are missing in pdbedit, there is not error in
smb.log when they log in. (But I haven't set loglevel to debug)

To create user we are using Unix "useradd" and Samba
"/usr/bin/smbpasswd"

Denis

0 new messages