Hi all! I finally found partial but satisfying decision of my problem with FreeBSD 7.2 AD member problem, posted early on this list. I was unable to get idmap_rid working and now I am using idmap_tdb backend. My problem is: when AD server (Windows 2003, only one server) is restarted parts of IDMappings are lost and not restored until Samba is restarted. After restart SIDs are mapped to exacts UIDs and GIDs, so my ACLs are not messed up. But I think it is difficult to restart Samba server every time Windows restarts. When problem (restart) occurs I find following messages in my logs: [2009/11/22 17:51:02, 1] winbindd/winbindd_ads.c:lookup_groupmem(1137) lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying... [2009/11/22 17:51:02, 0] lib/util_sock.c:write_data(1139) write_data: write failure. Error = Broken pipe [2009/11/22 17:51:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(930) rpc_api_pipe: write_data returned Broken pipe Here is my smb.conf [global] netbios name = SMBERVER workgroup = DOMAIN realm = DOMAIN.LOCAL server string = Samba Server security = ADS log level = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 500 password server = 192.168.1.10 winbind enum users = Yes winbind enum groups = Yes ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /var/spool/vacation/DOMAIN template shell = /sbin/nologin winbind separator = _ # FreeBSD pw has some issues with /,\ or + signs case sensitive = No hosts allow = 192.168.1. 10.1.55. 127.0.0.1 interfaces = localhost, nfe0 bind interfaces only = Yes I'm looking forward any advice Thanks in advance, Ivo -- View this message in context: http://old.nabble.com/Samba-3.3.9-IDMAP-problem-tp26466387p26466387.html Sent from the Samba - General mailing list archive at Nabble.com.