I believe my problem is the same as original reporter Dan who says:
"This was never really an active directory install, it's a standard unix
LDAP + Kerberos install"
This is my setup as well (except I don't use LDAP, just MIT Kerberos).
Dan, I see that in your first smb.conf you did not have any idmap ranges
defined.
Did you end up setting up idmap ranges?
Do you still use kerberos to authenticate?
I'm fine with setting up idmap ranges. The goal is to continue to use
our existing MIT KDC and existing /etc/passwd UIDs.
So far my understanding of idmap/winbind does not give me a clue on
how to do this.
This (non-AD KDC) is not a supported configuration and that is why no
one responded on the Samba mailing list. But there are a few people
interested in this kind of setup:
https://lists.samba.org/archive/samba/2017-April/207728.html
https://serverfault.com/questions/659017/possible-to-authenticate-samba-via-kerberos-but-without-domain-join
Thanks for your help,
Chad.
