[Samba] Samba and a rather large domain

[Tom Cramer]

I have a new Samba installation that I wish to become a fileserver for
several people.  I would like to authenticate them to the main company
domain, and am trying to figure out the best way to do so.  I have looked
into winbind, and seem to be running into a serious problem.  The main
domain and all the trusted domains add up to nearly 130,000 users.  This
causes grief for winbind since it tries to map all these users to uids, and
there aren't enough available.

The end result that I want is to have the small group of users in my
department to have nearly transparent file access.  IE, if they are logged
into their machine with their domain account, they simply type
\\server\share and have access with no username prompts.  If they are on a
machine not joined to the domain, then they should be able to type
DOMAIN\user as their username, and have the password work.  What is the
minimal setup I need to accomplish this?  Can I set up winbind in a way that
prevents it from mapping every user account in existence to a uid?  All the
users I want to have access are all part of one domain, but it is still
rather large.

Thanks,
Tom