[Samba] Samba AD Winbind ??

Jan Dworschak jd.mailinglists at gmx.net
Wed Jul 27 06:47:22 GMT 2005


Hi,
I'm having big problems integrating my Samba server to use the AD for
authentication.
I am running a Debian Linux (Sarge) box with Samba 3.0.14a and want to
share some folders. Winbind is not running yet.
Now with "valid users" I want to restrict the access to a specific
user. That user should be checked against an AD from Samba instead of smbpasswd.

First of all, do I need winbind for that purpose?
Or is an LDAP configuration in smb.conf enough? Here are the lines of
interest:

########### smb.conf
...
# LDAP
passdb backend = ldapsam:ldap://<AD server>:389/
ldap suffix = "cn=...,dc=..."
ldap admin dn = "cn=...,dc=..."
ldap filter = (&(objectclass=User)(uid=%u))
ldap ssl = no

idmap backend = ad:ldap://<AD server>

obey pam restrictions = yes
invalid users = root
valid users = user1
###########

And second, should the Samba server be a member of the AD domain? At the
moment it isn't.

Btw, UNIX Login against the same AD is working fine on that client (with
pam_ldap, nss_ldap).

Another question that I have concerns the idmap_ad plugin from PADL.
On our AD we integrated the RFC2307 schema.
I've compiled the patch successfully and copied it to
/usr/lib/samba/idmap/ad.so
Do I have to recompile Samba, or can I use the already installed one?
And is the entry "idmap backend = ad:ldap://<AD server>" in smb.conf the
only change to make, so that Samba uses ad.so?
In the logs I can't see anything about ad.so. It may be due to the
problem shown above, so that it didn't get that far?!
But I'm not sure.

Any help would be appreciated. Over a week of Googling didn't help me,
nor did reading many docs.


Thanks in advance

Jan Dworschak

