Going through the examples and reading through the wikis, I still have not found exactly what I was looking for in matching uids and gids.

Using samba samba3-3.0.32-36
We currently have a domain controller Samba/LDAP PDC. samba-3.0.20b-1
Previous member servers samba-3.0.10-1.4
and I went to add a member server.

Now I find that users and groups don't match. So from previous postings I have surmised that this has all changed, and to get uids and gids to match across member servers you need to install an LDAP server on each member server and then use this as the backend for that system.

So from what I have seen thus far, the idmap uid = and idmap gid = settings have no effect on the outcome of uids and gids on the server anymore.

I have tried /etc/nsswitch.conf

    passwd files winbind
    shadow files
    group files winbind

and then tried

    passwd file ldap
    shadow file ldap
    group file ldap

Using winbind would give me groups, but not what I was expecting. I would get no info on users or groups for the domain.

Using ldap I would receive no precursor for users or groups using wbinfo or getent, but the users and groups would show up. The uid and gid had no correlation to idmap uid or idmap gid.

Nov 13 19:36:35 IET0245Q slapd[25398]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
Nov 13 19:36:35 IET0245Q slapd[25398]: daemon: select: listen=8 active_threads=0 tvp=NULL
Nov 13 19:36:35 IET0245Q slapd[25398]: <= bdb_equality_candidates: (sambaSIDList) index_param failed (18)
Nov 13 19:36:35 IET0245Q last message repeated 4 times
Nov 13 19:

[global]
    unix charset = LOCALE
    workgroup = GUM
    netbios name = GUM01B_TEST
    security = DOMAIN
    username map = /etc/samba/smbusers
    log level = 10
    syslog = 0
    log file = /var/log/samba/samba2.log
    smb ports = 139
    name resolve order = wins bcast hosts
    printcap name = /etc/printcap
    domain master = No
    wins server = 192.168.1.239
    ldap admin dn = cn=Manager,dc=GUM,dc=COM
    ; ldap group suffix = ou=Group
    ; ldap idmap suffix = ou=Idmap
    ; ldap machine suffix = ou=Computers
    ; ldap suffix = dc=GUM,dc=COM
    ; ldap user suffix = ou=People
    ; idmap backend = ldap://192.168.1.245
    idmap uid = 10000-20000
    ; idmap gid = 10000-20000
    ; winbind enum users = Yes
    winbind enum groups = Yes
    winbind trusted domains only = Yes

[GUMSHARE]
    comment = GUMSHARE
    path = /RAIDDEVICE/GUMSHARE
    username = GUM+user1,@"GUM+Domain Users"
    read list = GUM+user1, "@GUM+Domain Users"
    write list = "@GUM+Domain Users"
    read only = No
    create mask = 0774
    security mask = 0774
    force security mode = 0770
    directory mask = 02777
    directory security mask = 0770
    force directory security mode = 0770
    inherit permissions = Yes
    hide unreadable = Yes
    veto oplock files = /GUM.*/