Samba as an AD member does not show all users

  • 3430253
  • 24-Oct-2007
  • 30-Apr-2012

Environment

Novell SUSE Linux Enterprise Server 10 Service Pack 1
Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9 Service Pack 3
Novell Open Enterprise Server (Linux based) 2
Novell Open Enterprise Server (Linux based) 1 Support Pack 2

Situation

Not all users on a Samba server appear when Samba is authenticating users against Active Directory.
  • "wbinfo -u" does not show all users
  • "getent passwd" does not show all users when Windows Domain authentication is being used

Resolution

The cause is a bad /etc/samba/secrets.tdb file.
  • In Active Directory, delete the machine account created for the Samba server
  • On the Samba server, shut down all Samba services (rcsmb stop, rcnmb stop, rcwinbind stop)
  • Delete the /etc/samba/secrets.tdb file
  • Start just the Samba daemon (rcsmb start)
  • Add the server back into the domain (net join -S -U administrator)
  • Restart all used Samba services

Additional Information

It is strongly recommended to back up any Samba configuration prior to making this change. The secrets.tdb file holds private information such as the workstation and machine account passwords, trust account information and administrator information.
Also, if Samba was set up and was authenticating users against a non-Active Directory back end, i.e. local password file or LDAP, you will need to delete all the files in the /etc/samba directory except smb.conf.
Samba maintains a listing of UIDs/GIDs that are mapped against Samba users, held in /etc/winbindd_idmap.tdb* or any file that has idmap in its name. In order to maintain file system consistency, it is recommended that you preserve this file. If this file is lost, access control lists and other file system permissions may not work, and you will have to recreate the permissions.
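
The backup recommended above, as an added shell example that is not part of the original article: it copies the Samba configuration files and any idmap file into an owner-only directory and confirms that secrets.tdb was captured before it is deleted. The function names and the backup destination are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# destination directory are assumptions; source paths follow the article.

# copy_private SRC TARGET: copy one file, restrict it to its owner, verify it.
copy_private() {
    cp -p "$1" "$2" && chmod 600 "$2" && cmp -s "$1" "$2"
}

# backup_samba_state CONF_DIR IDMAP_DIR DEST
# Copies every regular file in CONF_DIR (smb.conf, secrets.tdb, ...) and every
# file in IDMAP_DIR with "idmap" in its name. Returns non-zero on any failure.
backup_samba_state() {
    conf_dir=$1; idmap_dir=$2; dest=$3; rc=0
    [ -d "$conf_dir" ] || { echo "no such directory: $conf_dir" >&2; return 1; }
    # secrets.tdb holds the machine account password: keep the backup private.
    old_umask=$(umask); umask 077
    mkdir -p "$dest/conf" "$dest/idmap" && chmod 700 "$dest" ||
        { umask "$old_umask"; return 1; }
    for f in "$conf_dir"/*; do
        [ -f "$f" ] || continue
        copy_private "$f" "$dest/conf/${f##*/}" ||
            { echo "backup failed: $f" >&2; rc=1; }
    done
    for f in "$idmap_dir"/*idmap*; do
        [ -f "$f" ] || continue
        copy_private "$f" "$dest/idmap/${f##*/}" ||
            { echo "backup failed: $f" >&2; rc=1; }
    done
    umask "$old_umask"
    return "$rc"
}

# backup_has_secrets CONF_DIR DEST: true only if DEST holds a non-empty,
# byte-identical copy of CONF_DIR/secrets.tdb. Use it as the gate before rm.
backup_has_secrets() {
    [ -s "$2/conf/secrets.tdb" ] &&
        cmp -s "$1/secrets.tdb" "$2/conf/secrets.tdb"
}

# Usage, as root, after the Samba services have been stopped:
#   backup_samba_state /etc/samba /etc /root/samba-backup &&
#   backup_has_secrets /etc/samba /root/samba-backup &&
#   rm /etc/samba/secrets.tdb
```

Treat the backup directory like the original secrets.tdb: whoever can read it can recover the old machine account credentials.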