[Samba] Unix Attributes not working as expected in a member server

[Rowland Penny]

On 27/04/2023 11:15, Luis Peromarta via samba wrote:
> Net cache flush did not work :(
> 
> samba-tool user show luis
> 
> This works on the DC, not on the member server. Attributes are there:
> 
> dn: CN=Luis Peromarta,OU=users_Otros,DC=mad,DC=mater,DC=int
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Luis Peromarta
> sn: Peromarta
> givenName: Luis
> instanceType: 4
> whenCreated: 20180703164234.0Z
> displayName: Luis Peromarta
> uSNCreated: 5927
> name: Luis Peromarta
> objectGUID: b0c9f82a-38b1-4fd4-9d16-42804770e1e1
> userAccountControl: 66048
> codePage: 0
> countryCode: 0
> homeDrive: S:
> pwdLastSet: 131799445562688800
> primaryGroupID: 513
> objectSid: S-1-5-21-2152908145-95474353-1514027631-1110
> accountExpires: 0
> sAMAccountName: luis
> sAMAccountType: 805306368
> userPrincipalName: luis at mad.mater.int
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mad,DC=mater,DC=int
> msNPAllowDialin: TRUE
> unixUserPassword: ABCD!efgh12345$67890
> uid: luis
> msSFU30Name: luis
> msSFU30NisDomain: mad
> uidNumber: 10005
> gidNumber: 10000
> homeDirectory: \\server\personales\otros\luis
> loginShell: /bin/bash
> lastLogonTimestamp: 133263222073035850
> unixHomeDirectory: /data/users/otros/luis
> whenChanged: 20230427090315.0Z
> uSNChanged: 673555
> lastLogon: 133270628737122350
> logonCount: 1495
> distinguishedName: CN=Luis Peromarta,OU=users_Otros,DC=mad,DC=mater,DC=int

Very strange, the required attributes are there, but winbind doesn't 
seem to be using them.

Not that it should matter, but your idmap config lines should be like this:

         idmap config * : backend = tdb
         idmap config * : range = 3000-7999
         idmap config MAD : backend = ad
         idmap config MAD : schema_mode = rfc2307
         idmap config MAD : range = 10000-999999
         idmap config MAD : unix_nss_info = yes

If all else fails, try restarting Samba

Rowland