[Samba] rid backed not working

Leszek Gubernat leszek.gubernat at mp.pl
Wed Oct 23 15:49:50 UTC 2019 

Hi All,
I'd like start using 'rid' idmap backed rather than 'tdb' on my member 
servers to keep gidNumbers in sync across the realm INCLUDING the DC. 
Problem is when I execute
member1# getent group "MPD1\group1"
I get no output. The gidNumbers fall within the range of 30000-60000.
pestparm passes nicely. No erros logged whilst executing getent.
Could anyone point me in the right direction? Thank you.


ADDC:
Gentoo hardened; kernel 4.9
Samba 4.5.15 (installed from the distribution)

addc /etc/samba/smb.conf
# Global parameters
[global]
         server role check:inhibit=yes
         dsdb:schema update allowed = yes
         netbios name = ACDC
         realm = SOME.REA.LM
         workgroup = DOMAIN
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes
         ldap server require strong auth = no
         unix extensions = no
         security = user
         dns forwarder = 1.2.3.4
         allow dns updates = nonsecure
         log level = 1
         log file = /var/log/samba/log.%m
     ntp signd socket directory = /var/lib/samba/ntp_signd
     time server = yes




member1:
Gentoo hardened 2018; kernel 4.17
Samba 4.11.0 compiled:
./configure --prefix=/usr/local/samba --disable-cups --disable-iprint 
--without-ad-dc



memeber1 /etc/samba/smb.conf
[global]
         netbios name = member1
         realm = SOME.REA.LM
         workgroup = DOMAIN
         security = ADS
         log level = 2
         max log size = 50000
         log file = /var/log/samba/log.%m
         idmap config * : backend = tdb
         idmap config * : range = 20000-25000
         idmap config MPD1 : backend = rid
         idmap config MPD1 : range = 30000-60000




member1 /etc/nsswitch.conf
passwd:      compat files winbind
shadow:      compat files
group:       compat files winbind

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files


lrwxrwxrwx 1 root root 26 Oct 10 14:33 /lib64/libnss_winbind.so -> 
/lib64/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Oct 10 14:32 /lib64/libnss_winbind.so.2 -> 
/usr/local/samba/lib/libnss_winbind.so.2

More information about the samba mailing list