There is a bug in winbind/nss: When there are MANY (1000+ here) AD users and
FEW (20 here) of them actually have a unix mapping (we use idmap_ad with
uidNumber attributes), listing the users ("getent passwd") and groups fails.
The reason is that winbindd_getpwent (nsswitch/winbindd_user.c) and
winbindd_getgrent (nsswitch/winbindd_group.c) fetch users/groups in chunks of
250 by default. If there is no unix-mapped user within a chunk, it will fail
without further searching the user list. The attached patchs changes the
behaviour to fetch users until there are 250 users who have actually a
Created attachment 1396 [details]
See also BZ#3660?
*** Bug 3660 has been marked as a duplicate of this bug. ***
Correct - thanks. I've fixed in SAMBA_3_0, SAMBA_3_0_25 and SAMBA_3_0_26 trees. Probably too late for 3.0.25 but will make any subsequent release.