[Samba] idmap ad and sfu anyone?

[Doug VanLeuven]

Thorsten Hamester wrote:
> Hello
>
>
>> samba SVN 17972, Linux 2.6.16-1.2096
>> That should be about the same as 2.0.23c
>>
>> getent passwd works to list domain accounts
>> getent group works to list domain groups
>> kinit works for domain accounts
>> wbinfo -u lists domain user accounts
>> wbinfo -g lists domain group accounts
>>
>> In order to access roaming profiles and any shares from 2000 & XP 
>> clients, I have to map DOMAIN\username to username in username map.
>> Anyone else running idmap backend=ad and winbind nss info=sfu want to 
>> give me a tip?
>>
>> winbind trusted domains and winbind use default domain have no impact 
>> on this
>>
>> All the unix attributes are configured in AD, sfu group membership 
>> matches unix matches windows membership.
>>
>> Regards, Doug
>>
>
> they changed the default value for default domain and enum users to no 
> so you have to define them in the config file
>
>         winbind use default domain = Yes
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind nss info = RFC2307
>
winbind use default domain = yes or no makes no difference.
I didn't think it was relevant, but winbind enum users and groups are 
already specified = yes.

This problem specifically involves
winbind nss info = sfu
security = ads
idmap backend = ad

This worked for about 2 years while I was using the xad padl 3rd party 
plugin.  I'm only having issues since samba rewrote it and bundled it 
into the main tree and tokenized users & groups.

Thanks anyway, Doug