according to our smb.conf man page on "winbind nss info": --snip- This parameter is designed to control how Winbind retrieves Name Service information to construct a user's home directory and login shell. Currently the following settings are available: · template - The default, using the parameters of template shell and template homedir) · <sfu | sfu20 | rfc2307 > - When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose "sfu", if you use SFU 2.0 please choose "sfu20". Note that retrieving UID and GID from your ADS-Server requires to use idmap config DOMAIN:backend = ad as well. The primary group membership is currently always calculated via the "primaryGroupID" LDAP attribute. --snap-- Setting winbind nss info on a security=ads member server (with idmap backend ad for the domain) to sfu or rfc2307 however not even the home directory or login shell is retrieved from LDAP. Currently you NEED to set "use idmap config DOMAIN:backend = ad" if you want to get the the unixHomeDirectory or loginShell attributes evaluated. In that case also the value of winbind nss info is completely ignored.
hm,, Björn im trying to check this but i dont get what your saying.. It looks like your trying an not supported settings. i would have expected this in the man smb.conf winbind nss info (G) predicated As of samba 4.6+ replaced by ... At least that what it says here. https://wiki.samba.org/index.php/Idmap_config_ad .. .. ahh.. now i get it.. man smb.conf is showing incorrect info and needs an update.
fixed in master with 55fbd4c05b477e95920b53b94eda2572e075e6e1, This does also cleanly cherry-pick to 4.10 and 4.11, Karo, can you add the fix to those branches, please?
Created attachment 15727 [details] patch for 4.11
Created attachment 15728 [details] patch for 4.10
Pushed to autobuild-v4-{11,10}-test.
(In reply to Karolin Seeger from comment #5) Pushed to both branches. Closing out bug report. Thanks!