I configured the mapping backend in smb.conf like this:
idmap backend = rid:MYDOMAIN=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
Like documentation said,
"... This way all domain members and controllers will have the same UID and GID to SID mappings. ... "
But i got 3 machines, 2 got the same mappings - but the other one, same configuration like the rest, mapps differently, which is really a pain because nfs and other services cant be run.
I dont know where to look elsa for errors, logs shows nothing - it works, but winbind maps wrong.
Please make sure that you do nat have existing mapping in
winbindd_idmap.tdb on the problematic machine. beyond that, there's
not enough information here to move forward. We need gzipped level
10 debug logs from winbindd and smbd. You can also run wbinfo -S <SID>
on each machine to test the SID -> uid/gid resolution. It should return
the same uid on each machine.
And also make sure that there are not pre-existing users conflicting
with the idmap uid or gid range in smb.conf
Thx for hint - an existing mapping file caused the error - deleted all on all machines and now it works.