That looks fairly okay, but I have a few comments:
These parameters are set, but do not need to be, they are all set to the default:
server min protocol = SMB2
fruit:aapl = yes
fruit:model = MacSamba
fruit:posix_rename = yes
fruit:zero_file_id = yes
elasticsearch:port = 9200
elasticsearch:address = localhost
Do you really want guest access, none of your shares are set to be accessible by a guest user, not even the one named ‘public’ ?
map to guest = Bad User
Why have you set this ? you shouldn’t need to touch it:
max open files = 163840
You have a couple of old SMBv1 related parameters, but you are not using SMBv1:
max xmit = 65535
wins support = Yes
This only really works with a ZFS filesystem:
fruit:resource = xattr
Finally, we come to the ‘idmap config’ lines, which will work:
idmap config * : backend = tdb
idmap config * : range = 10000-999999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 2000000-2999999
Those allow for 989,999 users or groups in the default ‘*’ domain. The default domain is meant for the Well Known SIDs (there are less than two hundred of them) and anything outside the ‘DOMAIN’ domain (so really 0), <200 != 989,999, why redhat doesn’t use the Samba recommended range of 3000-7999 (which is still really too large) I do not know, unless you have already saved data to your fileserver, I would change them to:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 10000-2999999
I suspect that your problems lie elsewhere, so can you post the contents of the following files (sanitised if must):
/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf
/etc/nsswitch.conf