[Samba] question about ADS sync

[Ben Kim]

Hi, 

I have a question about Samba's capability. I couldn't find answer from
web searches so want to try it here.

We use samba as file server in a mixed mode w2k active directory domain.
The problem is that each time a user changes his/her windows password,
admins have to update samba password manually. We want to avoid this, and
want Samba to automatically sync the user password with the directory 
server.

I checked winbind, but it seems to give all domain users access to the
samba server. We would like to limit the samba account to only a few
selected windows users. We want them to deal only with the windows account
without having to ask admins to update the smbpasswd.

>From web searches, there's no clear picture of what the possibilities are.
It appears if I use 'encrypt passwords' option, I have to keep a local
copy of smbpasswd, and automatic sync is impossible. (We don't want to use
plaintext passwords.) 

My question is, does anyone know a way to let Samba do automatic sync with
windows passwords?

I wonder if moving to samba 3.0 will solve this problem. Does anyone have
some experience in this regard?

Thanks in advance. 


Regards,
Ben