Glad to hear it worked fine for you.
All the best.
On 24 Oct 2024 at 12:06 +0100, Francesco Malvezzi <francesco.malvezzi at
unimore.it>, wrote:> Another approach is to remove ?idmap_ldb rfc2307 = yes' from your DCs.
>
> You most likely don't need it, and it tends to complicate things
> unnecessarily. For more information, check out this article:
>
> http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307
>
> Feedback welcome.
>
> [...]
> >
> > It is not so much what you are missing, it is probably what you have
> > got ;-)
> >
> > The situation hasn't changed, Domain Admins still needs to own
things
> > in sysvol and cannot if it has a gidNumber attribute, so remove it and
> > run 'net cache flush' everywhere on Unix land.
> >
> > If you must have a Domain Admins type group on Unix, then create one
in
> > AD, give that a gidNumber attribute and join it to Administrators.
> >
> > Rowland
>
>
> thank you so much for your help, the topic is much clearer to me now.
>
> I need idmap_ad elsewhere on the domain so I got Luis suggestion, that
> works great!
>
> Francesco
>
>
>