[Samba] Winbind ?

[Talwar, Puneet (NIH/NIAID)]

We have an AD env at the org I work for.  But the AD that is structured here
is little different from a standard AD setup.  We have one large domain and
then child domain.  In the large domain which is the top of the AD tree we
have the entire user in that domain and then computer account are on each
child domain. Plus, we don't have the schema extended on AD account and no
SFU as well.  So it kind of makes it tough for us to set group policy and
permission.  

I was able to join the domain through setting up Kerberos and I can have the
user log on using there domain credentials. But here is the tricky part I
manage to setup winbind and it works fine but as far group permission to
access certain folder I need to figure out a way to do that because I have
limited admin right on the AD DC.  I guess the management is not planning
extended schema for UID and GID anytime soon.

So that is why I am looking for some solution here where winbind can pull
the info from the AD and set the permission and etc.

So I would like to know if anybody has a similar AD structure setup at their
org and are they doing fix this problem?

Ps. The OS I am working on is Red Hat ES