[Samba] Problem idmap_ad

edv at balke-hamburg.de edv at balke-hamburg.de
Tue Dec 13 17:08:14 UTC 2022


I have a problem with idmap_ad. Only some of our users are mapped and I do not get why. The working users are not especially low or high uid or sid. The uidNumber, gidNumber, loginshell and unixhomedirectory are all set with the correct values, although unix_nss_info is set to no so that only uid and gid should be neccesary.
ADS is a Windows Server 2016.

idmap_rid is working so that all users can use the shares but with this mapping they do not get the uid and gid from the ads attributes

The samba installation on Centos 8 is version 4.16.4. The following parameters are set in the smb.conf:

        idmap config * : backend = tdb
        idmap config * : range = 117000-117999
        idmap config DOMAIN:backend = rid
;       idmap config DOMAIN:backend = ad
        idmap config DOMAIN:schema_mode = rfc2307
        idmap config DOMAIN:range = 1001-116999
        idmap config DOMAIN:unix_nss_info = no
        idmap config DOMAIN:unix_primary_group = yes

        template shell = /bin/bash
        template homedir = /home/%U

        kerberos method = secrets and keytab

        winbind nss info = template
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

I did already scan all the mailing lists and several other sources but to no avail. The logs only show NT_STATUS_NO_SUCH_USER but no other clue why there is no unix uid returned.

Best regards
Matthias Mueller

More information about the samba mailing list