Comments on: How to Manage Samba4 AD Infrastructure from Linux Command Line – Part 2

By: Sysadmin

Sysadmin — Sat, 27 Jul 2024 07:14:24 +0000

I can also recommend a GUI tool called the Active Directory Management Center (ADMC) that simplifies configuration of User and Computers and Group Policy Manager policies.

By: Christopher Narvaez Hernandez

Christopher Narvaez Hernandez — Sat, 23 May 2020 02:54:15 +0000

Hello All, Anyone knows, why when I´m trying to create a new user, I get /bin/false on the login shell, I already try to modify it, and I can´t log in on the Linux host.

root@svuadc2lux:~# getent passwd

LUXSOLUCIONES\administrator:*:0:100::/home/LUXSOLUCIONES/administrator:/bin/false LUXSOLUCIONES\cnarvaezhz:*:3000016:100::/home/LUXSOLUCIONES/cnarvaezhz:/bin/false LUXSOLUCIONES\luxadmin:*:3000044:100::/home/LUXSOLUCIONES/luxadmin:/bin/false I use this command to add another new user, and get the same result:


root@svuadc2lux:~# samba-tool user add luxadmin --given-name="System" --surname="Administrator" --login-shell=/bin/bash

when i check the samba DB i get this:

root@svuadc2lux:~# ldbsearch  -H /var/lib/samba/private/sam.ldb 'CN=cnarvaezhz'

Sample Output

# record 1
dn: CN=cnarvaezhz,CN=Users,DC=luxsoluciones,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: cnarvaezhz
instanceType: 4
whenCreated: 20200523012953.0Z
uSNCreated: 54859
name: cnarvaezhz
objectGUID: 10b56ed4-7c3b-45f5-bbd9-856585ee8161
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-270612473-4248026028-3571129099-1103
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: cnarvaezhz
sAMAccountType: 805306368
userPrincipalName: cnarvaezhz@luxsoluciones.lan
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=luxsoluciones,DC=lan
pwdLastSet: 132346709931666750
userAccountControl: 512
memberOf: CN=Administrators,CN=Builtin,DC=luxsoluciones,DC=lan
loginShell: /bin/bash
whenChanged: 20200523021541.0Z

By: Samuel Åslund

Samuel Åslund — Fri, 28 Feb 2020 12:02:07 +0000

You really should add more warnings for editing the sudoers file.

If it breaks sudo stops working, which probably means that it is non-trivial to fix the problem.

Basically you should always keep the file you are editing open, save it without closing it and try to log in from another terminal and check that sudo access still works before closing the file.

It’s very easy to introduce a syntax error somewhere and suddenly not have any root access, with today’s systems often running without access to a root-password you will have to boot into the single-user mode or a rescue-disk to solve the problem.

By: Lucas L9

Lucas L9 — Tue, 19 Nov 2019 14:14:30 +0000

If you get this error: no directory logging in with home=/. You can also modify /etc/pam.d/common-session to make it so that a user's home directory will be created on the first login. Add the following line to that file. session required pam_mkhomedir.so This is particularly useful if your system is on a network where the users are managed externally to your machine, by LDAP for instance.

By: Lucas L9

Lucas L9 — Tue, 19 Nov 2019 13:51:26 +0000

In reply to Lucas L9. Found my error: Check /etc/nsswitch.conf:

passwd: files winbind
group:  files winbind
hosts:   files dns
networks: files dns