Environment
Novell SUSE Linux Enterprise Server 10 Service Pack 1
Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9 Service Pack 3
Novell Open Enterprise Server (Linux based) 2
Novell Open Enterprise Server (Linux based) 1 Support Pack 2
Situation
Not all users on a Samba server appear when Samba is
authenticating users against Active Directory.
- "wbinfo -u" does not show all users
- "getent passwd" does not show all users when Windows Domain authentication is being used
Resolution
The cause is a bad /etc/samba/secrets.tdb file.
- In Active Directory, delete the machine account created for the Samba server
- On the Samba server, shut down all Samba services (rcsmb stop, rcnmb stop, rcwinbind stop)
- Delete the /etc/samba/secrets.tdb file
- Start just the Samba daemon (rcsmb start)
- Add the server back into the domain (net join -S -U administrator)
- Restart all used Samba services
Additional Information
It is strongly recommended to back up any Samba configuration
prior to making this change. The secrets.tdb file holds private
information such as the workstation and machine account passwords,
trust account information and administrator information.
Also, if Samba was set up and was authenticating users against
a non-Active Directory back end, i.e. local password file or LDAP,
you will need to delete all the files in the /etc/samba directory
except the smb.conf.
Samba maintains a listing of UIDs/GIDs that are mapped
against Samba users, held in /etc/winbindd_idmap.tdb* or any file
that has idmap in its name. In order to maintain file system
consistency, it is recommended that you preserve this file. If this
file is lost, then access control lists and other file system
permissions may not work, and you will have to recreate the
permissions.
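
The backup recommended above, as an added example (not Novell's own script): it copies the Samba directory, including secrets.tdb and any idmap file, into a root-only directory and verifies the copy before anything is deleted. The function name backup_samba_state and the destination directory are assumptions; run it after the Samba services are stopped.

```shell
#!/bin/sh
# Added example. Usage (as root, Samba services stopped):
#   backup_samba_state /etc/samba /root
# The function name and the destination directory are assumptions.

# backup_samba_state SRC_DIR DEST_ROOT
# Copies SRC_DIR into a new directory under DEST_ROOT that only the owner
# can read, verifies every regular file, and prints the backup path.
# The body runs in a subshell so the umask change does not leak out.
backup_samba_state() (
    src=$1
    dest_root=$2

    [ -f "$src/secrets.tdb" ] || {
        echo "secrets.tdb not found in $src" >&2
        exit 1
    }

    # secrets.tdb holds the machine account password: keep the copy private.
    umask 077
    dest="$dest_root/samba-backup-$(date +%Y%m%d-%H%M%S)-$$"
    mkdir -p "$dest_root" || exit 1
    mkdir "$dest" || exit 1

    # -p keeps timestamps and modes; the chmod then removes group/other
    # access from files that were world-readable (for example smb.conf).
    cp -pR "$src"/. "$dest"/ || exit 1
    chmod -R go-rwx "$dest" || exit 1

    # Verify the copy byte for byte before the originals are touched.
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        cmp -s "$f" "$dest/$(basename "$f")" || {
            echo "verification failed for $f" >&2
            exit 1
        }
    done

    # The idmap file carries the UID/GID mappings that file permissions
    # depend on; warn if none was found in the source directory.
    ls "$dest"/*idmap* >/dev/null 2>&1 ||
        echo "warning: no idmap file in $src, back it up separately" >&2

    echo "$dest"
)
```
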