[Samba] No mapping on second fileserver

[Maik Holtkamp]

Hi,

We recently switched our NT4 Domain to AD.

We have 2 AD serves using sernet packages on debian buster with bind9
dns backend, isc-dhcpd updated by the dyndns script.

Files are served by a AD member server (AKA fileserver) on debian
buster, too. It's using the original debian samba packages.

However, I am still far away from calling myself familiar with samba 4
AD :(.

Nevertheless, I thought it was a good idea to bring our backup (AKA
backup) server into the AD domain facilitating the restore of files
deleted by error.

However I can't get the id mapping working on this beast :(.

---cut---
root at backup:~# cat /etc/samba/smb.conf
[global]
    [...]
         winbind use default domain = yes
         winbind refresh tickets = yes
         idmap config * : range = 10000 - 19999
         idmap config ad : backend = rid
         idmap config ad : range = 100000 - 199999
   [...]
root at backup:~# net ads testjoin
Join is OK

root at backup:~# wbinfo -u
.....
maikholtkamp

root at backup:~# cat /etc/nsswitch.conf
...
passwd:         compat systemd winbind
group:          compat systemd winbind
---cut---

however:

---cut---
root at backup:~# getent passwd maikholtkamp
root at backup:~#
---cut--

All configs of this host backup are the same than on the host
fileserver, AFAIK, where the mapping works like a charm:

---cut---
root at fileserver ~ # getent passwd maikholtkamp
maikholtkamp:*:101105:100513:Maik Holtkamp:/home/AD/maikholtkamp:/bin/false
---cut---

Any ideas?

TIA.

--
Mit freundlichen Gruessen/Best regrads                     Maik Holtkamp
Kirchstr. 76                                D-32278 Kirchlengern/Germany
Tel: +49 5223 879202                              Mob.: +49 172 203 5491
e-mail: s-y-l at gmx.net