FreeNAS

In addition to autorid, rid, ad, etc. idmap backends. It's possible in samba to use external directory services to provide IDs for domain users. We have at least two customers that want this, and in general it's a good feature to have.

We can mostly support this out of the box with new ui in the nightlies as far as I can tell. I have it working in a test environment. The only code change I had to make was as follows:

root@catherder:/usr/local/lib/python3.6/site-packages/middlewared/etc_files # diff -u nsswitch.conf.orig nsswitch.conf
--- nsswitch.conf.orig    2018-07-06 19:02:32.698539683 -0400
+++ nsswitch.conf    2018-07-06 19:02:52.887779423 -0400
@@ -20,10 +20,6 @@
         passwd = ['files']
         sudoers = ['files']

-        if ad_enabled or dc_enabled:
-            group.append('winbind')
-            passwd.append('winbind')
-
         if ldap_enabled:
             ldap_anonymous_bind = safe_call('notifier.common', 'system', 'ldap_anonymous_bind')
             ldap_sudo_configured = safe_call('notifier.common', 'system', 'ldap_sudo_configured')
@@ -41,6 +37,10 @@
             group.append('nis')
             hosts.append('nis')
             passwd.append('nis')
+
+        if ad_enabled or dc_enabled:
+            group.append('winbind')
+            passwd.append('winbind')
 %>

 group: ${' '.join(group)}

This allowed me to set up NIS and LDAP as ID providers with a slightly customized smb4.conf file and the idmap_nss backend.