Some time back I upgraded a domain controller (Solaris 10) from samba 3.0.x to 3.4.5 In order to support interdomain trusts I am using winbind and idmap allocation with a samba backend. Since the upgrade it appears that samba is no allocating uid and gid's for trusted domain. my smb.conf looks something like: ---------------------------------------------------------------------------------------------------------------------------- winbind enum users = Yes winbind enum groups = Yes winbind use default domain = no winbind trusted domains only = no # The "idmap domains" has been deprecated in 3.4 # idmap domains = DOMAIN_A DOMAIN_B DOMAIN_C # Next two lines restored in 3.4 - but prob don't need idmap uid = 30000-59999 idmap gid = 30000-59999 idmap config DOMAIN_A:backend = ldap idmap config DOMAIN_A:readonly = no idmap config DOMAIN_A:default=no idmap config DOMAIN_A:ldap_base_dn = ou=domain_a,ou=idmap,o=mydomain.com idmap config DOMAIN_A:ldap_user_dn = cn=Directory Manager idmap config DOMAIN_A:ldap_url = ldap://ldap1.domain.com idmap config DOMAIN_A:range = 30000-39999 idmap config DOMAIN_B:backend = ldap idmap config DOMAIN_B:readonly = no idmap config DOMAIN_B:default=no idmap config DOMAIN_B:ldap_base_dn = ou=domain_b,ou=idmap,o=mydomain.com idmap config DOMAIN_B:ldap_user_dn = cn=Directory Manager idmap config DOMAIN_B:ldap_url = lldap://ldap1.domain.com idmap config DOMAIN_B:range = 40000-45999 .... ---------------------------------------------------------------------------------------------------------------------------- Domain_A (Windows 2003 AD in Mixed mode) has entries from prior to the upgrade and hasn't had new accounts added recently. Domain_B (Windows 2008 in Windows 2003 mode) is a new addition. No idmap entries ever populated. They should have populated after I ran "wbinfo -u" and "getent passwd" on the samba PDC. Any ideas? Thanks