Thank you very much for your reply! I commented the correct line in my tries to get this working. I have partial success WITHOUT idmap backend, with following smb.conf:
[global] netbios name = SERVER workgroup = DOMAIN realm = DOMAIN.LOCAL server string = Samba Server security = ADS username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 # printcap name = CUPS ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 # template primary group = "Domain Users" // seems no longer supported template shell = /sbin/nologin # winbind separator = + // backslash is OK for me # printing = cups hosts allow = 192.168.1. 10.1.55. 127.0.0.1 interfaces = localhost, nfe0 bind interfaces only = Yes [pub] comment = Public path = /var/samba/pub guest ok = No browseable = Yes I can join the AD, see users with wbinfo -u and I can not find the users with getent passwd! I can still chown a folder stating "DOMAIN\user or group" and in ls -l owner:group is displayed OK. When I add: idmap backend = idmap_rid:DOMAIN=10000-100000000 I get the warning: [2009/11/12 23:17:45, 1] winbindd/idmap.c:parse_idmap_module(244) idmap_init: idmap backend uses deprecated 'idmap_' prefix. Please replace 'idmap_rid:DOMAIN=10000-100000000' by 'rid:DOMAIN=10000-100000000' Now I see only uid/gid for previously chowned directory, no users with getent ... Changing the syntax according to message changes nothing. winbindd log shows something like: [2009/11/12 23:19:20, 1] winbindd/winbindd_group.c:getgrgid_recv(1015) could not convert gid 10005 to sid I have my partial success back commenting the idmap backend. I still can't see all domain users / groups neither with getent nor pw usershow -a -- View this message in context: http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26326852.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
