getent passwd | grep isaev return isaev_ef:*:10250:10000: bla-bla-bla getent group | grep project return project-ias:x:10132:Isaev_EF, bla-bla-bla Windind conver logins returned as passwd database memebers to lower case, while keep case for logins returned as group memebers. This behaivor prevent AD group memebersip checking. patch: file source/winbindd/winbindd_group.c function static NTSTATUS expand_groups ....... ....... /* Separate users and groups into two lists */ for ( j=0; j<num_names; j++ ) { /* Users */ if ( name_types[j] == SID_NAME_USER || name_types[j] == SID_NAME_COMPUTER ) { /* vsplus ++ */ fstring tmp_user; char *ptmp_user = &tmp_user; fstrcpy(tmp_user, names[j]); strlower_m(tmp_user); /* vsplus -- */ status = add_names_to_list( ctx, members, n_members, &ptmp_user, 1 ); /* names+j, 1 ); */ if ( !NT_STATUS_IS_OK(status) ) goto out; continue; } .......
sorry for the long delay, I just checked this and it seems to work with current Samba 4.6 so it seems like this can be maked as fixed. Can you confirm that?