[Samba] idmap weirdness - wildcard values being used instead of rfc2307 AD values

Doug Meredith doug.meredith at skyridge.com
Thu Oct 30 05:29:16 MDT 2014

I've done a lot of research on this and haven't been able to solve the
problem.  Hopefully someone here has a better understanding of this than I

The problem is that the UIDs and GIDs are not being fetched from AD.  For
example "getent passwd doug" returns:

doug:*:70003:70005:Doug Meredith:/home/DSTRC/doug:/bin/false

My full name has correctly been pulled from AD but the UID specified in AD
is 20001 and the group is 10000.  The values shown above are obviously
coming from the wildcard idmap specified in my smb.conf, but I'm at a loss
as to why.  This occurs for all users and all groups.

Platform is FreeBSD 10 and I'm using Samba 4.1.13.  Full smb.conf is
below.  Any help would be very much appreciated.

   workgroup = DSTRC
   security = ADS
   realm = DSTRC.ORG
   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config DSTRC:backend = ad
   idmap config DSTRC:schema_mode = rfc2307
   idmap config DSTRC:range = 500-40000

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes

   vfs objects = zfsacl
   map acl inherit = Yes
   store dos attributes = Yes

   printcap name = /dev/null
   load printers = no
   disable spoolss = yes
   printing = bsd

   path = /pool1/media
   comment = Movies, TV and music
   read only = no
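
Added example, not part of the original post and not Samba code: a small Python check that parses the "idmap config" ranges from the smb.conf above and reports which range each UID/GID in "getent passwd" output falls into. The function names are hypothetical; the sample input is the idmap lines and the getent line quoted in the post.

```python
import re

# Constructed sample: idmap lines and getent output copied from the post above.
SMB_CONF = """\
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DSTRC:backend = ad
idmap config DSTRC:schema_mode = rfc2307
idmap config DSTRC:range = 500-40000
"""
GETENT = "doug:*:70003:70005:Doug Meredith:/home/DSTRC/doug:/bin/false"

IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*\S)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) int tuple."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)  # comment lines (# or ;) never match
        if not m:
            continue
        domain, option, value = m.group(1), m.group(2).lower(), m.group(3)
        if option == "range":
            low, high = value.split("-")
            value = (int(low), int(high))
        domains.setdefault(domain, {})[option] = value
    return domains

def owner_of(idnum, domains):
    """Name the idmap domain whose range contains idnum, or None if no range does."""
    for domain, opts in domains.items():
        low, high = opts.get("range", (1, 0))  # empty interval when no range is set
        if low <= idnum <= high:
            return domain
    return None

def outside_domain(getent_text, domains, expected):
    """List accounts whose UID or GID was not allocated from the expected domain's range."""
    hits = []
    for line in filter(str.strip, getent_text.splitlines()):
        name, _pw, uid, gid = line.split(":")[:4]
        uid_dom, gid_dom = owner_of(int(uid), domains), owner_of(int(gid), domains)
        if uid_dom != expected or gid_dom != expected:
            hits.append((name, int(uid), uid_dom, int(gid), gid_dom))
    return hits

if __name__ == "__main__":
    print(outside_domain(GETENT, parse_idmap(SMB_CONF), "DSTRC"))
```

For the post's data this flags doug with both IDs in the "*" range, while the AD values 20001 and 10000 would fall inside the DSTRC range of 500-40000.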
