[Samba] Samba domain members and idmap_ad

[jstewart at adt-it.com]

Hello All;
I have a small, isolated, network consisting of a W2K3 (sp2) domain
controller and about 20 client PCs which dual-boot between Win XP Pro and
Fedora 6.  I am attempting to configure Samba (3.0.24), which runs only on
the client machines when Fedora is booted, for single log-on and roaming
profiles.  MS Services for Unix (SFU) v3.5 is installed on the W2K3 domain
controller, so I would like to use that to manage user/group IDs.

I have been able to join the AD domain and validate logins of domain
users, but have been unable to configure a working backend that pulls
UID/GIDs directly from the W2K3 server via 'idmap backend=ad'.  I've been
through the Official Samba How-To & Reference documents as well as
O'Reilly's Using Samba (3rd Ed), the Samba WIKI, and the usual Google
searches.

Questions:
1.  Does anyone know for sure if the Samba RPM built for Fedora 6
(samba-3.0.24-3) was built with the idmap_ad library (compiled with
'--with-shared-modules=idmap_ad')?  The results of 'smbd -b' are a bit
ambiguous to me, but it does list 'idmap_ad_init' as a 'Build Option' (but
makes no mention of 'idmap_ad' in the 'Builtin modules').

2.  Can anybody offer any hints or point me to a reference or how-to that
may help me complete this configuration?

Thanks!!!
--Jeff

smb.conf:
[global]
   workgroup = TestGroup
   realm = TESTGROUP
   security = ADS
   username map = /etc/samba/smbusers
   log level = 3
   syslog = 0
   log file = /var/log/samba/%m
   max log size = 50
   ldap ssl = no
   idmap uid = 1000-33554432
   idmap gid = 1000-33554432
   template shell = /bin/bash
   winbind use default domain
   winbind separator = +