It works for us with Rocky Linux 8.8 and Samba 4.17.5. DCs are Samba 4.18.2.
Looking at your conf I see this:
I do _not_ have this:
idmap config DOMAIN:unix_primary_group = yes
I have and you don't:
disable netbios = yes
smb ports = 445
server min protocol = SMB2
client min protocol = SMB2
Different:
kerberos method = secrets and keytab
And this is deprecated:
winbind nss info = rfc2307
see here:
https://wiki.samba.org/index.php/Idmap_config_ad
Maybe some things to try. I know another "it works for me" is not
always helpful...
Regards
Christian
On Wednesday, 31.05.2023 at 10:12 -0300, Dale Renton via samba wrote:
> Is anyone using Rocky Linux or AlmaLinux or RHEL 8.8 as a Samba Domain
> Member joined to a Samba Active Directory Domain?
>
> realm list returns :
> ad.example.com
>   type: kerberos
>   realm-name: AD.EXAMPLE.COM
>   domain-name: ad.example.com
>   configured: kerberos-member
>   server-software: active-directory
>   client-software: winbind
>   required-package: oddjob-mkhomedir
>   required-package: oddjob
>   required-package: samba-winbind-clients
>   required-package: samba-winbind
>   required-package: samba-common-tools
>   login-formats: %U
>   login-policy: allow-any-login
>
> /etc/nsswitch.conf
> passwd:     files winbind systemd
> group:      files winbind systemd
>
> Thanks,
> Dale
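An added example, not part of the original message or of the Samba project: a small Python check that reads the [global] section of an smb.conf and reports where it differs from the settings listed in the reply above. The sample configuration is constructed, and the names `REPLY_SETTINGS`, `parse_global` and `review` are hypothetical.

```python
import re

# Settings the reply reports having on a working member (taken from the message).
REPLY_SETTINGS = {
    "disable netbios": "yes",
    "smb ports": "445",
    "server min protocol": "SMB2",
    "client min protocol": "SMB2",
}
# Parameter the reply calls deprecated, pointing at the Idmap_config_ad wiki page.
DEPRECATED = ("winbind nss info",)

# Constructed sample input, not the original poster's configuration.
SAMPLE = """\
[global]
\tsecurity = ads
\twinbind nss info = rfc2307
\tServer Min Protocol = NT1
\tidmap config DOMAIN:unix_primary_group = yes
[share]
\tsmb ports = 445
"""

def parse_global(text):
    """Return [global] parameters as a dict (assumes no backslash continuations)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; normalise case and spacing.
            params[" ".join(key.lower().split())] = value.strip()
    return params

def review(text):
    """List where the [global] section differs from the reply's settings."""
    params, findings = parse_global(text), []
    for key, want in REPLY_SETTINGS.items():
        have = params.get(key)
        if have is None:
            findings.append(f"not set: {key} (reply uses {want})")
        elif have.lower() != want.lower():
            findings.append(f"differs: {key} = {have} (reply uses {want})")
    findings += [f"deprecated: {k} = {params[k]}" for k in DEPRECATED if k in params]
    return findings
```

A parameter reported as not set may still be in effect through Samba's built-in default; `testparm -sv` prints the effective values.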