The Samba-Bugzilla – Bug 3289
using "idmap uid" and "idmap gid" is required, though not needed
Last modified: 2006-05-31 13:38:27 UTC
Today I updated our samba server to 3.0.20b with samba debian packages. After upgrading, everything but uid,gid<->sid conversion worked. wbinfo -U/-S/-G were no longer successfull.
Our setup is as follows:
All our Windows users are also avaible to unix with the same username via nss_ldap. So Samba should only lookup the username via nss and msrpc do the conversion afterwards. Due to the fact that we use no dynamic mapping between uid,gid and sid "idmap uid/gid" was left empty up to now in smb.conf.
And this lead to the failure:
The new winbindd implementation requires in the function winbindd_param_init in the file nsswitch/winbindd_util.c the presence of these configuration options, otherwise main in winbindd.c sets the winbind daemon in a proxy_only state, in which he doesnt do any conversion!
Setting "idmap uid = 999-1000" and "idmap gid = 999-1000" solved the problem for the moment for me, but i think requiring this parameter is senseless.
severity should be determined by the developers and not the reporter.
Are you using "winbind trusted domains only" ? Please also post your smb.conf.