[Samba] RHEL Cluster Samba and AD

[Tim Alexander]

Dear All,

My head is spinning and I fear I am trying to start this from far too
far behind to keep ploughing on.  Essentially we are having difficulty
with our samba shares at work.  We have moved to server 2k8 DCs and
this seeems to have reeked havoc on our setup.  Our difficulty seems
to stem from authentication issues.  We have bodged a work around
though it is neither very secure nor indeed particularly easy to
maintain.  Our difficulty seemed to stem from winbindd not being able
to read uid/gid from our AD.  From what I understand this was down to
AD only having a ticket for the resource and not for the cluster.  Red
Hat support have stated that winbind is legacy and therefore not
really supported, nice.  This led to me pondering about using LDAP to
passthrough authentication to AD but so far I am starting from so far
behind the drag curve my ears are starting to bleed.  I can find a few
tutorials on the web about clustered samba and ldap but alot of them
assume having openLdap as the primary authentication point or
directory, this is not an option for us as we are very much tied in to
our new 2008 servers and esx setup.

I suppose my query in a nutshell is has anyone managed to configure
running win based machines that authenticate to a 2008 DC and have
need to connect to some user/group controlled samba shared directories
that are run under a RHEL cluster?  essentailly some user only need to
see the data while others need to be able to write data to the shares.
 This would ideally be controlled from AD groups etc.  If this could
avoid running openLDAP in mirrored (and slightly modified) tandem to
AD that would be ideal though i am fearing the worst on this point.

I apologise if this is a simple query but I have got myself bogged
down in kerberos/samba/likewise/openldap tutorials and guides and feel
like i am slowly drowning.  any pointers would be greatly
appreciated!!

Thanks in advance

Tim