Hello,

I have a problem with idmap_ad. Only some of our users are mapped and I do not get why. The working users are not especially low or high uid or sid. The uidNumber, gidNumber, loginshell and unixhomedirectory are all set with the correct values, although unix_nss_info is set to no so that only uid and gid should be necessary.
ADS is a Windows Server 2016.

idmap_rid is working so that all users can use the shares but with this mapping they do not get the uid and gid from the ads attributes.

The samba installation on Centos 8 is version 4.16.4. The following parameters are set in the smb.conf:

idmap config * : backend = tdb
idmap config * : range = 117000-117999
idmap config DOMAIN:backend = rid
; idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 1001-116999
idmap config DOMAIN:unix_nss_info = no
idmap config DOMAIN:unix_primary_group = yes
template shell = /bin/bash
template homedir = /home/%U
kerberos method = secrets and keytab
winbind nss info = template
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

I did already scan all the mailing lists and several other sources but to no avail. The logs only show NT_STATUS_NO_SUCH_USER but no other clue why there is no unix uid returned.

Best regards
Matthias Mueller

On 13/12/2022 17:08, Balke IT via samba wrote:
> Hello,
>
> I have a problem with idmap_ad. Only some of our users are mapped and I do not get why. The working users are not especially low or high uid or sid. The uidNumber, gidNumber, loginshell and unixhomedirectory are all set with the correct values, although unix_nss_info is set to no so that only uid and gid should be necessary.
> ADS is a Windows Server 2016.
>
> idmap_rid is working so that all users can use the shares but with this mapping they do not get the uid and gid from the ads attributes
>
> The samba installation on Centos 8 is version 4.16.4. The following parameters are set in the smb.conf:
>
> idmap config * : backend = tdb
> idmap config * : range = 117000-117999
> idmap config DOMAIN:backend = rid
> ; idmap config DOMAIN:backend = ad

You do not appear to be using the 'ad' idmap backend, you have commented it out.

Also, did your finger get stuck, you asked the same question 5 times.

Rowland
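
The check made by eye in the reply above can be scripted. This is an added example, not part of the original thread and not Samba code: it reads the idmap lines of an smb.conf (the constructed sample reproduces the lines quoted in the thread) and reports commented-out settings that differ from the live value and idmap_ad options set under another backend. The function names are hypothetical; it assumes one parameter per line with no backslash continuations, and that the last live line for an option wins.

```python
import re

# Constructed sample: the idmap lines of the smb.conf quoted in the thread.
SAMPLE = """\
idmap config * : backend = tdb
idmap config * : range = 117000-117999
idmap config DOMAIN:backend = rid
; idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 1001-116999
idmap config DOMAIN:unix_nss_info = no
idmap config DOMAIN:unix_primary_group = yes
"""

IDMAP = re.compile(r"idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*)$", re.I)
# Options documented for the idmap_ad backend.
AD_ONLY = {"schema_mode", "unix_nss_info", "unix_primary_group"}

def audit_idmap(text):
    """Return (active, commented): active[domain][option] = value for live
    lines; commented lists (domain, option, value) for lines disabled by ; or #."""
    active, commented = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        disabled = line.startswith((";", "#"))
        m = IDMAP.match(line.lstrip(";# \t"))
        if not m:
            continue
        domain, option, value = m.group(1).upper(), m.group(2).lower(), m.group(3).strip()
        if disabled:
            commented.append((domain, option, value))
        else:
            active.setdefault(domain, {})[option] = value  # assumption: last live line wins
    return active, commented

def findings(text):
    """Human-readable warnings for the two mismatches described above."""
    active, commented = audit_idmap(text)
    out = []
    for domain, option, value in commented:
        live = active.get(domain, {}).get(option)
        if live is not None and live != value:
            out.append(f"{domain}: '{option} = {value}' is commented out; effective value is '{live}'")
    for domain, opts in active.items():
        stray = sorted(AD_ONLY & opts.keys())
        if stray and opts.get("backend") != "ad":
            out.append(f"{domain}: {', '.join(stray)} only apply to backend 'ad', but backend is '{opts.get('backend')}'")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```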