Incomplete domain user list

Simo Sorce simo.sorce at
Thu Sep 14 16:36:34 GMT 2000

Christophe Merle wrote:
> Hi,
> We have a Samba Server 2.0.7 (running on a Solaris 7 system) as PDC for
> NT 4.0 Machines and have the following problem: New added
> Samba Users can log in and use shares from NT-Clients but remaining
> invisible in the "domain user list" of NT. This user list can for
> example be displayed under NT with the dos-command "net user /domain".
> This is a problem when you for example want to give Administrator
> privileges to a user, the NT admin tool displays an incomplete list of
> users in the current domain and it's also impossible to add the desired
> user in the Administrator list. These incomplete user list causes
> several other problems with administration software using this user
> list.
> I have readed that this problem can be caused by inconsistencies in the
> smbpasswd (Also a user that exists in the smbpasswd but not in the
> /etc/passwd). I have wrote a script to check the consistency of each
> user und "thrusted machine" account in my smbpasswd and not found any
> problem. After many days of investigation i have found something very
> interesting:
> I have deleted all "thrusted machine account" from smbpasswd and left
> only the around 400 users in it. Each user can log in and use share from
> NT-Clients, but when I execute the command "net user /domain" the user
> list displayed contains only !! 250 users !!. I first thought the user
> 251 is inconsistent and I have immediatly deleted him from smbpasswd but
> the NT user list still contains 250 users. I think this is the source of
> my problem. Probably this problem is caused by a part of samba that has
> not been yet properly implemented.
> Our samba system work in a production environment so whe have a big
> Problem with it. And the Problem is about to become a disaster when we
> will add soon other 2000 Thousand users on your system.
> Is this limitation a known problem?
> Know somebody this problem and eventually a work around to bypass it?

As said many times and reported on the samba main site and mirrors:
 samba 2.0.x series PDC support is unsupported and above all not

You cannot add users to groups with NT tools and user listing will not
function properly.

If you need true PDC functionality you need to try samba TNG but be
aware this is alpha software and you have to test carefully if you want
to use this code in production environment.

Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at 02 2399 2425 - 02 2399 2451
Be happy, use Linux!

More information about the samba-ntdom mailing list