[Samba] Security = ADS and uidnumbers

Jim Potter jimchuffff at googlemail.com
Tue Jun 4 06:20:01 MDT 2013


Hi all,

I'm trying to set up a Samba (3.6.6, Debian wheezy 64-bit) member server on
a 2008R2 domain. I'd like to be able to specify the uidnumbers users get on
here in AD, but I'm getting really erratic results.

I've tried changing various range options, and as far as I can tell it
works sometimes, but not others - don't know why.

I have 2 users I've specifically set up, with uidnumbers in their AD
objects set:

jpotter - uidnumber 2449
jingram - uidnumber 2337

Here is an excerpt from getent passwd:
jingram:*:2338:20000:June Ingram:/home/BECAUSE/jingram:/bin/false
jpotter:*:20007:20000:Jim Potter:/home/BECAUSE/jpotter:/bin/false

- so it works for June but not Jim...

I've tried deleting all tdb files in /var/lib/samba and /var/cache/samba
and rejoined the domain, and these uidnumbers seem to stick. I can't find them
in AD anywhere. Does anyone know what gives here?

cheers

Jim

Here is the smb.conf file:
[global]
        security = ADS
        workgroup = because
        realm = BECAUSE.ORG.UK

        log level = 3
        log file = /var/log/samba/log
        load printers = no

        idmap cache time = 1800

        winbind enum users = Yes
        winbind enum groups = Yes

        winbind nss info = rfc2307
        winbind use default domain = Yes
        winbind refresh tickets = yes
        winbind normalize names = yes

        idmap config * : base_rid = 0
        idmap config * : backend = tdb
        idmap config * : range = 1000 - 60000

#       idmap config BECAUSE : default = yes
#       idmap config BECAUSE : backend  = ad
#       idmap config BECAUSE : schema_mode = rfc2307
#       idmap config BECAUSE : range    = 1000-8000
#       idmap config BECAUSE : cache time = 1800
###     idmap alloc config:range = 5000-9999

