From: Oliver Weinmann on
Hi all,

I just stumbled over a problem where I can't add a local user to an AD group. Running getent passwd and getent group doesn't display the AD users. wbinfo -g and -u work fine. Here is my smb.conf:

netbios name = sles11test1
workgroup = SOMEDOMAIN
security = ADS
encrypt passwords = yes
password server =
idmap backend = ad
idmap config SOMEDOMAIN : backend = ad
idmap config SOMEDOMAIN : schema_mode = sfu
idmap config SOMEDOMAIN : range = 0-99999999
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 3
dns proxy = no
wins server =
allow trusted domains = No
client use spnego = Yes
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind refresh tickets = true
idmap cache time = 1
idmap negative cache time = 1
winbind cache time = 1

In the log I get this error when running getent group:

tail -f /var/log/samba/log.winbindd-idmap
Could not get unix ID
[2010/05/04 10:15:29.444783, 1] winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
Could not get unix ID

getent group and passwd work fine, e.g. on an old Ubuntu install with Samba 3.3.2.

So far I have this problem on SLES9 and SLES11.

Oliver Weinmann
Unix and Storage Administrator
