[Samba] Winbind idmap_rid - no members in "domain users" .....

Geoffrey Scott geoffs at guestshire.com
Fri Jan 13 02:31:28 GMT 2006

 On my ADS member server it doesn't show any members of GUESTSHIRE\domain
users:x:5513: using getent group

Is this normal behavior?  If not any ideas how do I fix it?

Out of curiosity I shutdown winbind and samba, deleted all *.tdb files (
except secrets) and restarted them.  Same thing happens. There are no users
in there...  But if I check in AD users and computers my users are all
members of "domain users"

This wouldn't have been where template primary group = "Domain Users" was
useful would it? I know it has now been removed as an option, but would it
have fixed this problem in the past?

Global below:

        workgroup = GUESTSHIRE
        server string = Guests_NSW File & Print server
        security = ADS
        allow trusted domains = No
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        printcap name = CUPS
        addprinter command = /usr/local/bin/smbaddprinter.pl
        panic action = /usr/share/samba/panic-action %d
        idmap backend = idmap_rid:GUESTSHIRE=5000-1000000
        idmap uid = 5000-1000000
        idmap gid = 5000-1000000
        template homedir = /home/%U
        template shell = /bin/bash
        winbind nested groups = Yes
        printer admin = "@GUESTSHIRE\Domain Admins"
        printing = cups
        print command =
        lpq command = %p
        lprm command =

More information about the samba mailing list