
Samba Domain Member Not Pulling AD Group/User info

Ask Ubuntu Asked by Coolguy3289 on February 21, 2021

We’re upgrading from an old NT4 domain, and I’ve just got Samba AD set up on a new Ubuntu 20.04 server. The current Samba version is 4.11.6-Ubuntu on both the DC and the Domain Member Server, which is also running Ubuntu 20.04. I’ve followed the Samba official guide (while substituting distro directories) and I’m able to kinit just fine; I can run wbinfo -a just fine and it authenticates, but if I run getent passwd DOMAIN\USER I get no output. I’ve enabled winbind enum users = yes and winbind enum groups = yes in my /etc/samba/smb.conf file, but still nothing. Interestingly enough, wbinfo -u and wbinfo -g return all of my users and groups.

I’ve also tried just getent group and it returns some of my groups (above gid 2300, it seems), but getent user only returns the local users no matter what ID I assign any test users I’ve made.

I’ve also ensured my configs on the DC are set up as well, and I can run the getent command with the args I’ve tried on the member server and it works; it pulls the ID and everything.

Also, something to note: I’ve manually pulled all users and groups (including uid/gid) from the old domain using samba-tool to add them with the appropriate args. Our UIDs range from 1004-4000, and GIDs range from 900-950.

My thought was that it had something to do with the idmap ranges in /etc/samba/smb.conf, but no matter what I put there nothing works (yes, I’ve been rebooting/reloading/restarting services as well). I also can’t log in, even though I’ve confirmed that PAM is configured to use winbind and my /etc/nsswitch.conf file is set up correctly (passwd and group have winbind appended).

So ultimately, my question boils down to: Has anything changed with Ubuntu 20.04 that I need to adjust in order for Samba to work? Or, am I just doing something wrong? (Configs below)

DC smb.conf

# Global parameters
[global]
        dns forwarder = 192.168.1.1
        netbios name = DC1
        realm = DOMAIN.COM
        server role = active directory domain controller
        workgroup = DOMAIN
        idmap_ldb:use rfc2307 = yes

# Template settings for login shell and home directory
        template shell = /bin/false
        template homedir = /home/%U

        winbind enum users = yes
        winbind enum groups = yes

Member Server smb.conf

[global]
   workgroup = DOMAIN
   security = ADS
   realm = DOMAIN.COM
   username map = /etc/samba/user.map

   log file = /var/log/samba/%m.log
   log level = 1

# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
   idmap config * : backend = tdb
   idmap config * : range = 10000-17999
# - You must set a DOMAIN backend configuration
# idmap config for the DOMAIN domain
   idmap config DOMAIN : backend = ad
   idmap config DOMAIN : schema_mode = rfc2307
   idmap config DOMAIN : range = 1000-5000
   idmap config DOMAIN : unix_nss_info = yes

   vfs objects = acl_xattr
   map acl inherit = yes
   store dos attributes = yes
   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab

   winbind enum users = yes
   winbind enum groups = yes

nsswitch.conf

passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Member Server krb5.conf

[libdefaults]
        default_realm = DOMAIN.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

One Answer

Thanks to help from @Rowland, I was able to conclude that this issue stemmed from multiple issues:

Primarily, that Domain Users did not have a gid (confirmed by checking the attribute in the Windows Users and Groups console). After adding that gid and expanding the idmap range, my issue seems to be solved, with all of my groups and users being shown. I've also been able to test access with domain users with complete success.

EDIT: I've now expanded to include all of our groups, and everything related to users/groups and ACLs is working perfectly!

Correct answer by Coolguy3289 on February 21, 2021
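The two causes named in the accepted answer (a group with no gidNumber, and uid/gid values that fall outside the DOMAIN idmap range) can be checked before restarting winbind. The POSIX sh script below is an added example, not part of the question or the answer and not a Samba tool: it reads the "idmap config ... : range" lines out of an smb.conf, checks that the "*" and DOMAIN ranges don't overlap, and lists every user/group record whose uidNumber/gidNumber is missing or outside the DOMAIN range. The smb.conf fragment and the records are constructed inline to mirror the question (DOMAIN range 1000-5000, UIDs 1004-4000, GIDs 900-950, Domain Users without a gid); the record format and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the question, the answer, or Samba itself): check
# rfc2307 uidNumber/gidNumber values against the idmap ranges in an smb.conf.
# Every input below is constructed to mirror the question; replace it with the
# real smb.conf and the attributes exported from the DC.

# Constructed smb.conf fragment with the member server's idmap settings.
SAMPLE_SMB_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_SMB_CONF"' EXIT
cat > "$SAMPLE_SMB_CONF" <<'EOF'
[global]
   workgroup = DOMAIN
   idmap config * : backend = tdb
   idmap config * : range = 10000-17999
   idmap config DOMAIN : backend = ad
   idmap config DOMAIN : schema_mode = rfc2307
   idmap config DOMAIN : range = 1000-5000
EOF

# Constructed records, one per line, as kind:name:id. A "-" means the
# uidNumber/gidNumber attribute is not set on the object (the Domain Users
# case from the answer). GIDs 900 and 950 match the question's GID range.
SAMPLE_IDS="user:alice:1004
user:bob:4000
group:Domain Users:-
group:staff:900
group:admins:950
group:printops:2400"

# idmap_range SMBCONF LABEL -> prints "low high" for "idmap config LABEL : range".
# LABEL is "*" or the short domain name, compared literally (no regex).
idmap_range() {
    awk -v dom="$2" '
        /^[ \t]*idmap config/ {
            line = $0
            sub(/^[ \t]*idmap config[ \t]*/, "", line)
            split(line, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            split(key, parts, ":")
            if (parts[1] == dom && parts[2] == "range") {
                split(val, r, "-")
                print r[1], r[2]
                exit
            }
        }' "$1"
}

# ranges_overlap LOW1 HIGH1 LOW2 HIGH2 -> true (0) when the ranges share an id.
# The * range must not overlap the DOMAIN range, as the smb.conf comment says.
ranges_overlap() {
    if [ "$2" -lt "$3" ] || [ "$4" -lt "$1" ]; then
        return 1
    fi
    return 0
}

# check_ids RECORDS LOW HIGH -> prints one line per record winbind could not
# map (missing id, or id outside LOW-HIGH) and returns the number of such records.
check_ids() {
    low=$2; high=$3; problems=0
    while IFS=: read -r kind name id; do
        [ -n "$kind" ] || continue
        if [ -z "$id" ] || [ "$id" = "-" ]; then
            echo "$kind '$name': no uidNumber/gidNumber set"
            problems=$((problems + 1))
        elif [ "$id" -lt "$low" ] || [ "$id" -gt "$high" ]; then
            echo "$kind '$name': id $id outside idmap range $low-$high"
            problems=$((problems + 1))
        fi
    done <<EOF
$1
EOF
    return "$problems"
}

# Stand-alone walk-through over the constructed data.
main() {
    set -- $(idmap_range "$SAMPLE_SMB_CONF" DOMAIN) $(idmap_range "$SAMPLE_SMB_CONF" '*')
    echo "DOMAIN idmap range: $1-$2, * idmap range: $3-$4"
    if ranges_overlap "$1" "$2" "$3" "$4"; then
        echo "WARNING: the * and DOMAIN idmap ranges overlap"
    fi
    n=0
    check_ids "$SAMPLE_IDS" "$1" "$2" || n=$?
    echo "$n record(s) would not resolve through winbind with the current range"
    n=0
    check_ids "$SAMPLE_IDS" 900 "$2" >/dev/null || n=$?
    echo "$n record(s) would still not resolve after widening the range to 900-$2"
}
main
```

On the constructed data the script flags the two GIDs below 1000 and the missing Domain Users gid, which are the two adjustments the answer describes; widening the range to 900-5000 leaves only the missing gid. To run it against a real setup, point SAMPLE_SMB_CONF at /etc/samba/smb.conf and fill the records with the uidNumber/gidNumber attributes exported from the DC (how those values are exported, for example with samba-tool or ldbsearch, is outside this script).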
