[Samba] Can't get idmap connected to AD unix attribs

Nick Triantos nick at triantos.com
Mon Jul 9 22:20:46 MDT 2012


I'm trying to get an Ubuntu 12.04 system's Samba (3.6.3) and Winbind to map userids and groups to the unix attributes in an AD 2008 server. I can see that when I perform an ldapsearch, I'm able to read the attributes, and for one of my accounts, the id should be 1001. However, when I run 'wbinfo -i <username>', I get back something like 920.

At one point, I was setting the idmap range to start at 900, but I've since removed that from my config, and restarted winbindd and smbd. I've also tried to 'net cache flush'.

I also see wbinfo -i <someuser> usually returns:
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user <someuser>

The relevant parts of my smb.conf are below. I've tried patching this together from various tuts and help pages. Any guidance would be very helpful.


   workgroup = CORP
   security = ADS
   password server =
   allow trusted domains = yes
   winbind use default domain = yes
   winbind nested groups = YES
   idmap config CORP : backend = tdb
   idmap config CORP : default = yes
   idmap config CORP : schema_mode = rfc2307
   idmap config CORP : range = 1000 - 9999
   idmap config * : backend = tdb
   encrypt passwords = true
   obey pam restrictions = yes
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = true
   restrict anonymous = 2
   unix password sync = yes
   winbind enum groups = yes
   winbind enum users = yes
   winbind nss info = rfc2307
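
Added example, not part of the original post and not Samba's own code: a small Python check over the "idmap config" lines of an smb.conf like the one quoted above. It flags schema_mode set on a domain whose backend is not ad (idmap_ad is the backend that reads uidNumber/gidNumber from AD) and domains with no range; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: the idmap-related lines from the smb.conf in the post.
SAMPLE = """\
   idmap config CORP : backend = tdb
   idmap config CORP : default = yes
   idmap config CORP : schema_mode = rfc2307
   idmap config CORP : range = 1000 - 9999
   idmap config * : backend = tdb
   winbind nss info = rfc2307
"""

# Matches "idmap config DOMAIN : option = value"
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.*?)\s*$", re.I)


def parse_idmap(text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # smb.conf comment lines
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains


def audit(text):
    """List idmap settings that do not fit the backend configured for a domain."""
    findings = []
    for dom, opts in parse_idmap(text).items():
        backend = opts.get("backend")
        # schema_mode is an idmap_ad option; an allocating backend such as
        # tdb hands out IDs from its range and does not read AD attributes.
        if "schema_mode" in opts and backend and backend.lower() != "ad":
            findings.append(f"{dom}: schema_mode set but backend is {backend}")
        # winbind uses range to decide which backend is authoritative for an ID.
        if "range" not in opts:
            findings.append(f"{dom}: no range set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```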
