[Samba] Samba as AD domain member

[Wright, Tim (ANTS)]

Hi

we're running 3.0.1 on Solaris 9 ( with NIS/flat files as the NS ) as a
member server of the AD domain ( via kinit and then net join ).
there's a couple of things we've noticed and I'm not sure if they're just
the way it works or configuration problems:

(1) we assign the gid an uid mappings with idmap in smb.conf and I thought
that winbindd would not assign uid/gids if they already present which
appears not to be the case?

(2) all we are using winbindd for is to give access to file shares ( not for
logging into the unix server with AD account or anything ), and we seem to
have a slight issue in that 
(i) a AD user with no unix account accesses a share and winbindd creates a
unix account fot it and it is gtranted access to the share if  it satisfies
the valid users etc - good
(ii) a AD user with a valid unix account ( with the same username in AD and
NIS ) tries to access a share and sambd now validates the user as
AD\username rather than just username - bad

(3) Occasionally things just seem to stop working and the only way I can
find to fix it is to clear out the lockdir of all tdb files and restart (
symptoms will be things like net status sessions hangs, net groupmap list
hangs, wbinfo -r starts having issues )

(4) The samba stuff is running on a cluster ( active passive with dameons
running on both nodes all the time and just the share configuration failing
over ) - is there any way of ensuring that the tdb files are consistent
between the two ( I saw something on this list about a similar issue with a
backup print server ) - I'm I right in thinking we could set up an ldap
backend to store the tdb information ( if so is this advisable or is it
going to complicate things too much ).

thanks

tim


***************************************************************************
This communication (including any attachments) contains confidential information.  If you are not the intended recipient and you have received this communication in error, you should destroy it without copying, disclosing or otherwise using its contents.  Please notify the sender immediately of the error.

Internet communications are not necessarily secure and may be intercepted or changed after they are sent.  Abbey National Treasury Services plc does not accept liability for any loss you may suffer as a result of interception or any liability for such changes.  If you wish to confirm the origin or content of this communication, please contact the sender by using an alternative means of communication.

This communication does not create or modify any contract and, unless otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under Company Registration Number: 2338548.  Regulated by the Financial Services Authority (FSA).
***************************************************************************