[Samba] Problem with RID to unix account mapping in ADS mode

Michael St. Laurent mikes at hartwellcorp.com
Mon May 7 16:43:40 GMT 2007


I'm working with the samba-3.0.23c version currently released for use
with RHEL-5.  I'm trying to switch into ADS security from DOMAIN
security and I'm having trouble with account mapping.  Currently the
mapping happens because the unix account name matches the windows
account name.  That no longer seems to be an option when you switch to
ADS mode (please correct me if I'm wrong).  I should also mention that
there are several servers involved and I'm syncing the unix UIDs so as
to play well with NFS too.

From what I've read, the preferred method of accomplishing this under
ADS mode seems to be to hang the unix UID for the account in the LDAP
database part of ADS.  However, none of the documents I've read have
covered how to actually do that part.  They've all been about getting
samba to look up the Idmap value and use it assuming that you've already
done that part somehow.

Is there a HOWTO available which covers that part of the process?  I
would really like to handle that part using unix tools as it would be
significantly more convenient than doing something from the windows end.

