Dear all I have upgraded my Samba from 3.5.x to a newest 3.6.0 version. My Samba is connected to an Active Directory 2008 R2 the "getent passwd" did not display any ActiveDirectoy Domains users. the "net ads group" display correctly the ActiveDirectory groups : net ads group Administrateurs Utilisateurs Invités Opérateurs d’impression Opérateurs de sauvegarde Duplicateurs Utilisateurs du Bureau à distance Opérateurs de configuration réseau Utilisateurs de l’Analyseur de performances Utilisateurs du journal de performances Utilisateurs du modèle COM distribué IIS_IUSRS Opérateurs de chiffrement Lecteurs des journaux d’événements Accès DCOM service de certificats Ordinateurs du domaine I think there is a misconfiguration in my setup but did not find any solution: Where i'm wrong ? [global] workgroup = TOUZEAU netbios name = bdc2 server string = %h server disable netbios =no max protocol = SMB2 name resolve order =host lmhosts wins bcast dns proxy = No wins support = No min protocol = NT1 syslog = 3 log level = 10 log file = /var/log/samba/log.%m debug timestamp = yes # Enable symbolics links ----------------------------------- follow symlinks = yes wide links = yes unix extensions = no usershare allow guests = no usershare max shares = 100 usershare owner only = true usershare path=/var/lib/samba/usershares/data #Guest access guest account = nobody map to guest = Bad Password template homedir = /home/%U template shell = /bin/false enable privileges = yes os level = 40 ldap passwd sync = no #WINBINDD ******************************************************* security = ADS realm = TOUZEAU.HOME idmap config TOUZEAU:backend = ad idmap config TOUZEAU:readonly = yes idmap config TOUZEAU:schema_mode = rfc2307 idmap config * : range = 16777216-33554431 client use spnego = No client use spnego principal = No encrypt passwords = Yes client ntlmv2 auth = Yes client lanman auth = No winbind normalize names = Yes winbind separator = / winbind use default domain = No winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes winbind nss info = rfc2307 winbind offline logon = true winbind cache time = 5 winbind refresh tickets = true kerberos method = system keytab allow trusted domains = Yes server signing = mandatory client signing = mandatory lm announce = No ntlm auth = No lanman auth = No preferred master = No printing = bsd # VISTA/Windows7 compatibility # ACLs settings nt acl support=yes map acl inherit=yes acl check permissions=yes inherit permissions=no inherit acls=no acl map full control=yes dos filemode=yes force unknown acl user = no # LDAP settings ----------------------------------- ldap delete dn = no passdb backend = ldapsam:ldap://127.0.0.1:389 ldap admin dn = cn=Manager,dc=my-domain,dc=com ldap suffix = dc=my-domain,dc=com ldap group suffix = dc=organizations ldap user suffix = dc=organizations ldap machine suffix = ou=Computer,dc=samba,dc=organizations ldap delete dn = yes ldap ssl = off ldap idmap suffix = ou=idmap,dc=samba,dc=organizations,dc=my-domain,dc=com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba