samba - Jun 2021 - NT_STATUS_OBJECT_NAME_NOT_FOUND randomly

>
>      idmap config * : range = 3000-7999
>      idmap config CUSTOMER : backend = rid
>      idmap config CUSTOMER : range = 10000-999999
>
Won't the idmap setting changes change IDs assigned for AD users? This
change can potentially require re-doing permissions on-disk once you've
made it. You might also want to keep a backup of your winbindd_idmap.tdb
file. I'm not saying it's a bad idea, but it's something you will
need to
evaluate and keep in mind while making the changes (and do them in a
maintenance window :))

On 18/06/2021 13:08, Andrew Walker via samba wrote:
>>       idmap config * : range = 3000-7999
>>       idmap config CUSTOMER : backend = rid
>>       idmap config CUSTOMER : range = 10000-999999
>>
> Won't the idmap setting changes change IDs assigned for AD users? This
> change can potentially require re-doing permissions on-disk once you've
> made it. You might also want to keep a backup of your winbindd_idmap.tdb
> file. I'm not saying it's a bad idea, but it's something you
will need to
> evaluate and keep in mind while making the changes (and do them in a
> maintenance window :))

Unfortunately, yes it will, but it is an artefact of not correctly 
setting the 'idmap config' lines in the first place. The OP could find 
out what ID's the users and groups are using now and then use the
'ad'
backend and populate the rfc2307 attributes with the ID's

I do wish people would read our documentation before setting up a Unix 
domain member, it is easier to 'fix' something before it goes into 
production.

Rowland