I'm testing winbind 3.3.1-1ubuntu1 (jaunty) and my user stored in AD is consistently being returned with a UID of 1000, rather than 10031, which is whats stored in LDAP/AD under uidNumber. If I install the 3.2.3-1ubuntu3.4 packages from intrepid, 'id bryanm' correctly returns 10031, but when upgrading back to 3.3.1-1ubuntu1, I get the wrong UID again. I did an install from source as well and experience the same conditions, but can't guarantee it was setup correctly since it was in an error state.
I see some interesting errors about being unable to find domain '*' which I'll attach to the end. Perhaps this is part of the new support of idmap_ad for multiple domains? Has configuration changed and the man pages not been updated perhaps, where one has to specify a domain to use specifically due to this feature? >From winbindd -i -s /etc/samba/smb.conf -d10 -n 3.3.1: idmap_sid_to_uid: sid = [S-1-5-21-1659249844-2332029812-1458590236-1419], domain = '' Returning valid cache entry: key = IDMAP/SID2UID/S-1-5-21-1659249844-2332029812-1458590236-1419, value = 1000, timeout = Fri Mar 13 17:01:56 2009 idmap_cache_find_sid2uid found 1000 Returning positive cache entry 3.2.3: idmap_sid_to_uid: sid = [S-1-5-21-1659249844-2332029812-1458590236-1419] Returning valid cache entry: key = IDMAP/SID/S-1-5-21-1659249844-2332029812-1458590236-1419, value = IDMAP/UID/10031, timeout = Fri Mar 6 19:52:16 2009 current smb.conf (lots of tinkering): [global] security = ADS workgroup = WM realm = CORP.WIDEMILE.COM server string = %h server (Samba %v) idmap backend = ad idmap config CORP.WIDEMILE.COM : schema_mode = rfc2307 idmap uid = 1000-20000 idmap gid = 1000-20000 winbind enum users = Yes winbind enum groups = Yes winbind nss info = sfu winbind use default domain = Yes winbind nested groups = Yes template shell = /bin/bash template homedir = /home/%U allow trusted domains = No domain master = no ldap ssl = off domain '*' errors: ad_idmap_cached_connection: called for domain '*' Cache entry with key = SAFJOIN/DOMAIN/* couldn't be found Cache entry with key = SAF/DOMAIN/* couldn't be found saf_fetch: failed to find server for "*" domain ldap_server from saf cache: '' find_domain_from_name_noinit did not find domain '*' get_sorted_dc_list: attempting lookup for name * (sitename NULL) using [lmhosts wins host bcast] Cache entry with key = SAFJOIN/DOMAIN/* couldn't be found Cache entry with key = SAF/DOMAIN/* couldn't be found saf_fetch: failed to find server for "*" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up *#1c (sitename (null)) Cache entry with key = NBT/*#1C couldn't be found no entry for *#1C found. resolve_lmhosts: Attempting lmhosts lookup for name *<0x1c> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory resolve_wins: Attempting wins lookup for name *<0x1c> resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: not appropriate for name type <0x1c> name_resolve_bcast: Attempting broadcast lookup for name *<0x1c> Hefty -d10 logs at: http://serenity.ninjr.org/~btm/winbind/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba