I have samba 4.0.9 as AD DC [global] workgroup = DOMAIN realm = DOMAIN.LOCAL netbios name = DC server role = active directory domain controller dns forwarder = 8.8.8.8 #idmap_ldb:use rfc2307=yes tls enabled = yes tls keyfile = /var/lib/samba/private/tls/sambaKey.pem tls certfile = /var/lib/samba/private/tls/sambaCert.pem tls cafile = allow dns updates = nonsecure template shell = /bin/bash # wbinfo -u Administrator Guest krbtgt tester megatest # getent passwd DOMAIN\Administrator:*:0:100::/home/DOMAIN/Administrator:/bin/bash DOMAIN\Guest:*:3000011:3000012::/home/DOMAIN/Guest:/bin/bash DOMAIN\krbtgt:*:3000023:100::/home/DOMAIN/krbtgt:/bin/bash DOMAIN\tester:*:3000022:100::/home/DOMAIN/tester:/bin/bash DOMAIN\megatest:*:3000024:100::/home/DOMAIN/megatest:/bin/bash And I have samba 4.0.9 as member of samba 4.0.9 AD DC [global] workgroup = DOMAIN realm = domain.local security = ADS netbios name = FILES encrypt passwords = Yes printcap name = cups printing = cups log level = 3 log file = /var/log/samba/%m max log size = 50 map untrusted to domain = Yes winbind trusted domains only = no winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = rfc2307 idmap config *:backend = tdb idmap config DOMAIN:range = 1000-20000000 idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:backend = ad create mask = 0777 directory mask = 0777 # wbinfo -u administrator megatest krbtgt tester guest # getent passwd administrator:*:4294967295:4294967295:Administrator:/home/DOMAIN/administrator:/bin/false megatest:*:4294967295:4294967295:megatest:/home/DOMAIN/megatest:/bin/false krbtgt:*:4294967295:4294967295:krbtgt:/home/DOMAIN/krbtgt:/bin/false tester:*:4294967295:4294967295:tester:/home/DOMAIN/tester:/bin/false guest:*:4294967295:4294967295:Guest:/home/DOMAIN/guest:/bin/false file server doesn't work!!!
you did not set up the uidnumber/gidnumber attributes. please read the wiki for examples of correct idmap configurations and setting up the accounts for that idmap module