[Samba] winbind bug?

[Doug Tucker]

>>> Rowland
>> Thanks for the once over.  Helps to have multiple eyes to verify 
>> things.  But in the end I'm still in the same boat and not a single 
>> suggestion to the facts of my issue.  My config does work as long as 
>> the unix ID isn't over 11000 and the client windows 7. Nobody wants 
>> to even acknowledge or touch that.  I've verified it down to every 
>> detail I can think of.  I don't know if you read my threads earlier, 
>> but I can change an existing user to a unix id less than 11000 and 
>> they then work.  Switch them back, broken again.
>>
>> My back end windows server is 2003.
>
> After looking at your smb.conf again, I noticed something, could you 
> try changing the idmap config section to this:
>
>    idmap config *:backend = tdb
>    idmap config *:range = 3000000-3100000
>    idmap config SEAS:backend = rid
>    idmap config SEAS:range = 1000-40000
>    idmap config SEAS:schema_mode = rfc2307
>    idmap config SEAS-S:backend = rid
>    idmap config SEAS-S:range = 40001-60000
>    idmap config SEAS-S:schema_mode = rfc2307
>
> Rowland
>
Before doing so...this server is live...I read a long article on the 
rfc2307 yesterday and my understanding of it was you would only put this 
in your domain configs IF the backend AD had the rfc configuration and 
held the unix uid's, etc..that this would tell samba to look to AD for 
those values (which concerns me to put that in and break all the 
existing users) and we certainly do not have that in our AD here.  Is 
that your understanding of it?  Honestly after reading that article I 
considered taking that out of my config altogether as I didn't think it 
had any real purpose.  I put it IN based on another persons smb.conf 
that had been helpful in solving an auth issue I had early on.