[Samba] After net rpc vampire of 2000 users admin of user db has problems

Craig White craigwhite at azapple.com
Thu Sep 30 21:13:14 GMT 2004

On Thu, 2004-09-30 at 13:05, Gustavo Lima wrote:
>         Greetings,
> I was able to admin users and machines database via usrmgr.exe in a
> samba3.0.7 + ldap server. I was able to set trusting domains too.
> After I vampired my ex-PDC NT server usrmgr.exe stop working and trusting
> stop to be showed.
> usrmgr.exe gives the error:
> The tag is invalid. Do you want to select another domain to administer?
I have found the following - If you migrate a domain to samba, promote
samba to PDC status, the existing NT4 machine that was the PDC/BDC
doesn't work well and in fact, you have to stop netlogon service to use
it at all. Yours was the type of error I received when running
usrmgr.exe on that machine until I stopped netlogon service.

It is also possible that on your LDAP setup, the machine accounts aren't
being found by samba/LDAP.

User Manager for Domains (usrmgr.exe) does work if you are running it on
a computer attached to the domain and current logon has Domain
Administrator privileges. If it fails to run, one or both of these
issues need to be looked at.
> And net rpc trustdom list -UAdministrator%passwd gives me:
> Trusted domains list:
> OTHER-DOM         S-1-5-21-136393487-307246644-928725530
> Trusting domains list:
> [2004/09/30 16:44:16, 0] utils/net_rpc.c:rpc_trustdom_list(3430)
>   Couldn't enumerate accounts. Error was: NT_STATUS_ACCESS_DENIED
almost sounds like samba is having trouble querying LDAP.
> Is this a known error between samba and ldap?
NO - things can work well when they work
> Other tools that I use to administer the users database also can´t show all
> imported users. Just about 500. Is this correct?
don't know what tools you are talking about but
getent passwd
should give you all of the listings in /etc/passwd first, then all of
the contents in LDAP (similar results for getent group) It is possible
that you can have limits on a return from ldap query but that is beyond
the scope of samba list.


More information about the samba mailing list