Vaughan, Robert J
2022-Mar-03 19:57 UTC
[Samba] Samba forces domain members to use winbind now
Our Solaris Samba version last working without winbind is 4.13.8.

The broken version is 4.13.14

Our UNIX LDAP (Oracle OUD) has the UNIX uid and gid info (also shell, homedir and a few other things like employee number) and supports shell login for some users as well as the uid/gid mapping for all our SAMBA users

Our AD does not contain the required UNIX info

smb.conf ..

[global]
    workgroup = XXX
    realm = XXX.YYYY.COM
    server string = xxxxxxx
    netbios name = xxxxxxx
    security = ADS
    log level = 1
    log file = /var/samba/log/log.%m
    max log size = 5000
    preferred master = No
    local master = No
    domain master = No
    read only = No
    hosts allow = XXX.XXX., XX., XXX.
    short preserve case = No
    dos filetime resolution = Yes
    server signing = mandatory
    acl allow execute always = True
    load printers = No
    printcap name = /dev/null
    printing = bsd
    include system krb5 conf = no
    smb2 leases = No

[tmp]
    comment = UG NX / TCE mappings (X-drive)
    path = /tmp
    create mask = 0644
    directory mask = 0754
    inherit permissions = Yes
    browseable = No
    valid users = xxxxxxx
Rowland Penny
2022-Mar-03 20:09 UTC
[Samba] Samba forces domain members to use winbind now
On Thu, 2022-03-03 at 19:57 +0000, Vaughan, Robert J via samba wrote:
> Our Solaris Samba version last working without winbind is 4.13.8

No it wasn't, the last it worked for you was 4.13.8

> The broken version is 4.13.14
>
> Our UNIX LDAP (Oracle OUD) has the UNIX uid and gid info (also shell,
> homedir and a few other things like employee number) and supports
> shell login for some users as well as the uid/gid mapping for all our
> SAMBA users
>
> Our AD does not contain the required UNIX info

It would be easier if it did, all the rfc2307 attributes are available.

> smb.conf ..
>
> [global]
>     workgroup = XXX
>     realm = XXX.YYYY.COM
>     server string = xxxxxxx
>     netbios name = xxxxxxx
>     security = ADS
>     log level = 1
>     log file = /var/samba/log/log.%m
>     max log size = 5000
>     preferred master = No
>     local master = No
>     domain master = No
>     read only = No
>     hosts allow = XXX.XXX., XX., XXX.
>     short preserve case = No
>     dos filetime resolution = Yes
>     server signing = mandatory
>     acl allow execute always = True
>     load printers = No
>     printcap name = /dev/null
>     printing = bsd
>     include system krb5 conf = no
>     smb2 leases = No

One problem you have is that you do not have any 'idmap config' lines, presumably because you have been using sssd.

What do you use the ldap for? Just authentication, or is there data stored in it?

If it is just authentication, are you up to changing the ID numbers?

Rowland
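The missing 'idmap config' lines pointed out in the reply above can be checked for mechanically. The following is an added example, not part of either message and not Samba's own tooling: a small lint that reads the [global] section of an smb.conf, and for a domain member (security = ADS) reports missing idmap backend/range settings for the default domain (*) and the workgroup, plus overlapping ranges. The function names, the sample configs and the backend/range values in WITH_IDMAP are assumptions made up for the illustration.

```python
import re

# Constructed inputs: the relevant [global] keys from the posted smb.conf, and a
# variant with idmap lines (backends and ranges are sample values, not advice).
POSTED = "[global]\n workgroup = XXX\n security = ADS\n[tmp]\n path = /tmp\n"
WITH_IDMAP = POSTED.replace("[tmp]", """ idmap config * : backend = tdb
 idmap config * : range = 3000-7999
 idmap config XXX:backend = rid
 idmap config XXX:range = 10000-999999
[tmp]""")
IDMAP_KEY = re.compile(r"idmap config\s+(\S+?)\s*:\s*(.+)")

def parse_global(text):
    """Return [global] parameters; keys lower-cased, inner whitespace collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def idmap_findings(text):
    """List idmap gaps for a domain member (security = ADS); [] if none apply."""
    p = parse_global(text)
    if p.get("security", "").lower() != "ads":
        return []
    idmap = {}
    for key, value in p.items():
        m = IDMAP_KEY.fullmatch(key)
        if m:
            idmap[(m.group(1), m.group(2))] = value
    findings, ranges = [], []
    for dom in ["*"] + [d for d in [p.get("workgroup", "").lower()] if d]:
        for opt in ("backend", "range"):
            if (dom, opt) not in idmap:
                findings.append(f"missing: idmap config {dom} : {opt}")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", idmap.get((dom, "range"), ""))
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
    ranges.sort()
    for (_, hi, d1), (lo, _, d2) in zip(ranges, ranges[1:]):
        if lo <= hi:
            findings.append(f"overlapping ranges: {d1} and {d2}")
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("with idmap", WITH_IDMAP)):
        print(name, idmap_findings(conf) or "ok")
```

The lint does not follow include directives or backslash line continuations, so run it on the effective configuration rather than a fragment.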