for you information: because I use security=user, I don't have kerberos enabled on my samba server Hello I have some questions regarding the idmap backend. Does this only work when you've have joined your samba server to the AD domain (security = ADS)? I would like to map SID to uids/gids on a samba server that has a trust with an AD server. In my setup I have established a trust between samba and AD; they are both PDC's. smb.conf idmap domains = PCLABTEST idmap config PCLABTEST:backend = ad idmap config PCLABTEST:default = yes idmap config PCLABTEST:range = 100 - 3000000000 idmap alloc backend = tdb idmap alloc config:range = 100 - 300000000 ==> /var/log/samba/winbindd.log [2007/09/21 09:56:31, 1] nsswitch/idmap_ad.c:ad_idmap_cached_connection_internal(115) ad_idmap_init: failed to connect to AD [2007/09/21 09:56:31, 1] nsswitch/idmap_ad.c:idmap_ad_sids_to_unixids(514) ADS uninitialized [2007/09/21 09:56:31, 2] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1148) ERROR: NTSTATUS = 0xc0000001 ps: I have configured samba with these options included (--with-shared-modules=idmap_ad --with-ads) and have installed "Identity management for Unix" on the AD server. I have given a user a uid & gid in AD. If I do an strace of the winbind proces, I can see both the uidNumer and gidNumber, both samba does not pick it up. uidNumber1\204\0\0\0\7\4\005100000\204\0\0\0\30\4\tgidNumber1\204\0\0\0\7\4\005100000\204\0\0\0%\4\2 Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm