Hi, base_rid in idmap_rid now is deprecated but if yu put base_rid in smb.conf and flush the cache (net cache flush) getent group doesn't show users and groups domain any more (but wbinfo works). Furthermore how idmap_rid calculate now the uid/gid from RID? The equation ID = RID - BASE_RID + LOW_RANGE_ID works but sometimes BASE_RID is 0 and sometimes BASE_RID is 1000 even if you don't change smb.conf. This can cause a lot of problems if you use acl or if you use winbind authentication. This is the idmap_rid settings of my smb.conf: [...] workgroup = DOMINIOCSA security = DOMAIN [...] idmap uid = 10000-25000 idmap gid = 10000-25000 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind offline logon = Yes idmap config DOMINIOCSA : range = 10000-25000 idmap config DOMINIOCSA : backend = rid [...] Have a great day Piviul
I've understood something more. If you try to add base_rid to smb.conf (I've ever used base_rid=1000) wbinfo works but getent doesn't ; but the cache will be filled with the idmap having the base_rid you specified in the smb.conf. Now to have winbind working you have to remove base_rid from smb.conf and when you restart winbind, winbind has old and incongruent idmap values in the cache. When the value in cache expires the mapping change even if you have not changed smb.conf. I hope this help you to understand better my bug report Have a great day Piviul
your issues came from an invalid idmap config I think id ranges may not overlap. With a correct idmap config no such errors should pop up, the wiki should have some good examples, the mailing list can offer help also.