Greetings list,

This sounds sort of twisted, but in its essence Windows ADS has an LDAP server too, so here is what I do, hoping it'll work:

1. Install Utilities and SDK for UNIX-based application and Identity Management for UNIX on Windows Server 2003, create a new OU named "idmap".

2. Configure smb.conf as per Samba HOWTO chapter 14 "IDMAP storage in LDAP using winbind":

    ldap admin dn = cn=administrator,cn=users,dc=mydom,dc=com
    ldap idmap suffix = ou=idmap
    ldap suffix = dc=mydom,dc=com
    idmap backend = ldap:"ldap://<my windows domain controller, also LDAP server>"
    idmap uid = 10000-1000000
    idmap gid = 10000-1000000

3. Join the domain, fine; run ldapsearch, fine; wbinfo -u, fine; wbinfo -g, fine.

4. Problem: wbinfo -i <domain user> doesn't work, something is wrong with the idmap allocator, see the log:

    ==> /var/log/messages <==
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: [2011/11/17 18:48:47.830454, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: idmap_alloc module tdb already registered!
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: [2011/11/17 18:48:47.830566, 0] winbindd/idmap.c:149(smb_register_idmap)
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: Idmap module passdb already registered!
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: [2011/11/17 18:48:47.830608, 0] winbindd/idmap.c:149(smb_register_idmap)
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: Idmap module nss already registered!
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: [2011/11/17 18:48:47.833394, 0] winbindd/idmap.c:599(idmap_alloc_init)
    2011 Nov 17 18:48:47 winterfell_01 [err] winbindd[21121]: ERROR: Initialization failed for alloc backend, deferred!

So this looks like Samba/winbind can read but cannot write to the Windows LDAP backend, hence no domain users get any UID. Is this so? Any possibility to fix this?

P.S. I also tried OpenLDAP on Linux as the IDMAP backend; it works very smoothly with Samba.

Cheers
-David