Domain user does not show up in permission dropdown menu

bones0008

Dabbler
Hi,

I just built a new NAS with version 11.3-U4.1. After I added it to my AD, I can see my network users and groups in the terminal (`wbinfo -u` and `getent group`), but I can't find any of them in the permission dropdown menu. Please look at the screenshots that follow. As you can see, I even typed the domain users in the group field, but I got an error message. I have an old version, 11.2-U8, and it's working perfectly. I don't know why 11.3-U4.1 is not working.

Has anyone seen this before? Please ring me a bell.
3.png
4.png
 

anodos

Sambassador
iXsystems
Behind the scenes, middleware is calling `grp.getgrnam()` on the username you provided. It's failing with the error "name not found". Did you join through the GUI? What was the result in the task manager (top-right of screen)?
 

bones0008

Dabbler
> Behind the scenes, middleware is calling `grp.getgrnam()` on the username you provided. It's failing with the error "name not found". Did you join through the GUI? What was the result in the task manager (top-right of screen)?

I got an error state in the task manager, but all the other tasks passed.
4.png
 

bones0008

Dabbler
> Something may be wrong with idmap settings. What is output of getent group "domain users"? Post output of "testparm -s".

Here is the output:

```
root@freenas240[~]# testparm -s
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
client ldap sasl wrapping = plain
disable spoolss = Yes
dns proxy = No
domain master = No
enable web service discovery = Yes
kerberos method = secrets and keytab
kernel change notify = No
load printers = No
local master = No
logging = file
max log size = 51200
nsupdate command = /usr/local/bin/samba-nsupdate -g
preferred master = No
realm = DDSH.ADV.LOCAL
restrict anonymous = 2
security = ADS
server min protocol = SMB2_02
server role = member server
server string = FreeNAS Server
template shell = /bin/sh
unix extensions = No
winbind cache time = 7200
winbind enum groups = Yes
winbind enum users = Yes
winbind max domain connections = 10
winbind nss info = rfc2307
winbind status fifo = Yes
winbind use default domain = Yes
workgroup = DDSH
idmap config ddsh: unix_primary_group = True
idmap config ddsh: unix_nss_info = yes
idmap config ddsh: schema_mode = rfc2307
idmap config ddsh: range = 400000000-500000000
idmap config ddsh: backend = ad
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
allocation roundup size = 0
directory name cache size = 0
dos filemode = Yes
include = /usr/local/etc/smb4_share.conf
```
 

bones0008

Dabbler
> idmap config ddsh: backend = ad
> ^^^ Have you set a GID inside your AD schema for this group, and is it greater than 400000000?

Yep, that is the number I put in there. Also, now the users and groups show up in the dropdown menu. What I did was uncheck those two options.
Thanks for the help.

6.png
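
Added example, not part of the original thread and not FreeNAS middleware code: a Python check that combines the two diagnostics discussed above, resolving a group with `grp.getgrnam()` and testing its GID against the `idmap config` range from the posted `testparm -s` output. The config excerpt is copied from the thread; the function names and the default domain argument are assumptions made for illustration.

```python
import grp
import re

# Excerpt of the `testparm -s` output posted in the thread.
TESTPARM = """\
workgroup = DDSH
idmap config ddsh: range = 400000000-500000000
idmap config ddsh: backend = ad
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
"""

# Matches "idmap config <domain> : <option> = <value>" with optional spacing.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$")

def parse_idmap(text):
    """Return {domain: {option: value}}; 'range' becomes an (low, high) tuple."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, option, value = m.groups()
        if option == "range":
            low, high = value.split("-")
            value = (int(low), int(high))
        domains.setdefault(domain.lower(), {})[option] = value
    return domains

def gid_in_range(idmap, domain, gid):
    """True if gid falls inside the configured idmap range for the domain."""
    low, high = idmap[domain.lower()]["range"]
    return low <= gid <= high

def lookup_group(name):
    """Resolve a group through NSS; return its GID, or None if not found."""
    try:
        return grp.getgrnam(name).gr_gid
    except KeyError:  # the "name not found" case described in the thread
        return None

def diagnose(name, text=TESTPARM, domain="ddsh"):
    """Report whether a group resolves and whether its GID is in range."""
    gid = lookup_group(name)
    if gid is None:
        return "not resolvable via NSS"
    ok = gid_in_range(parse_idmap(text), domain, gid)
    return f"gid {gid} " + ("inside" if ok else "outside") + " idmap range"

if __name__ == "__main__":
    print(diagnose("domain users"))
```

On a real system, feed the live `testparm -s` output to `parse_idmap()` instead of the embedded excerpt.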