winbind nss info = rfc2307 seems to break idmap, I setup a new 2003R2 domain with a single dc and a samba 3.5.6 server, with winbind nss info = rfc2307 idmap does not work and I cannot list users using wbinfo or other tools. If I run samba with winbind nss info = rfc2307 disabled everything seems to work ok, if I then run samba with winbind nss info = rfc2307 enabled again idmap seems to work for a few seconds and then stops working just before winbind logs this event: Module '/usr/lib64/samba/nss_info/rfc2307.so' loaded For example here I ran a script to run wbinfo -i testuser in a loop and output a timestamp with milliseconds to compare with the samba logs: 2010/10/20 10:21:18.619622 testuser:*:10000:10010:TestUser:/home/TestUser:/bin/sh 2010/10/20 10:21:18.652914 testuser:*:10000:10010:TestUser:/home/TestUser:/bin/sh 2010/10/20 10:21:18.684316 testuser:*:10000:10010:TestUser:/home/TestUser:/bin/sh 2010/10/20 10:21:18.719439 Could not get info for user testuser 2010/10/20 10:21:18.801538 Could not get info for user testuser And here is the nss module event: [2010/10/20 10:21:18.754273, 2] lib/module.c:64(do_smb_load_module) Module '/usr/lib64/samba/nss_info/rfc2307.so' loaded During the first few seconds while mapping is working the nss info does seem to be read from ad correctly, in smb.conf I have template shell set to /bin/bash and you can see that the testuser above has /bin/sh shell which is what is set in AD. I will attach logfiles and smb.conf Andy
Created attachment 6021 [details] smb.conf
Created attachment 6022 [details] log.nmbd
Created attachment 6023 [details] log.winbindd
Created attachment 6024 [details] log.wb-SAMBATEST
Created attachment 6025 [details] log.winbindd-dc-connect
Created attachment 6026 [details] log.smbd
is this fixed with the rewritten idmap code in 3.6 ?
I had to use apply c427b79 to make this work. Maybe this problem is the same?
with properly filled uidnumber/gidnumber attributes this as been working for me since years now in nany setups.