Than 'security =ADS' is used, the 'username map' field will be ignored and no mappings are done.
Are you really using 3.0.2 ? I fixed this in 3.0.1 and got reports that it was working. Please provide more details -- are you running winbindd ? What does the username map look like ? What about level 10 debug logs?
mail from ralf.tomczak@bistromathic.com: yes I'm using 3.0.2a. You are right, I'm using winbindd. In regard to the mapping file I tried nearly every simple constellation, like 'root = "Windows User"', 'root = win_user' or 'root = @WIN_Group'. The last variant (windows group to user) I interested to use. I have no level 10 log, but if really needed I will create one. For now this issue is not critical for me because I'm using the 'admin users' entry in smb.conf. Please note I have tested 'username map' with 'winbind default domain = yes', but this caused problems with the ACLs (the secondary group information was not visible for samba nad I got denies, but commands like group had worked).
This is by design. If nss_winbindd knows about the account you will get that user. 'username map' should apply to real unix accounts, not winbindd users.
Jeremy though it was a good idea to apply username map to every user.
fix is included in the patch for bug 1165 already checked into CVS.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup