samba - Feb 2006 - Winbind - Windows 2000 AD group filtering

Hey all
I'm currently trying to use squid and samba/winbind to filter  internet
access based on groups in a windows 2000 active  directory domain. Im running
Mandrake 10.1 Community and  samba 3.0.10 installed from rpm.

Following the directions in the samba manual for setting  up winbind I have:

- configured nsswitch.conf

- checked to see if the libnss_winbind.so library is there

- checked to see if the symbolic link was there

- added relevent lines to the smb.conf as described in the  manual

- Joined domain successfully

I can use wbinfo to check the shared secret and get a  listing of users and
groups from the domain. But when I  use getent passwd and getent groups it only
shows local  users and groups on the Linux machine and not those from  the
windows domain as well. Is there a command I have to  use to synchronise users
and groups so I can get a unified  listing on the linux box.

********************************************
My Smb.conf

[Global]

        Workgroup = MYDOMAIN
        netbiosname = squidtest
        security = DOMAIN

#       Domain Stuff

        winbind separator = \
        idmap uid = 30000-40000
        idmap gid = 30000-40000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/MYDOMAIN/%U

        winbind use default domain = yes
        obey pam restrictions = yes
        password server = MYPASSWORDSERVER
        encrypt passwords = yes

[Share 1]

        path = /home/jim
        comment = Jim's Home Folder
        public = yes

**********************************************

Also this appears in my /var/log/samba/log.winbindd log  everytime i start
samba/winbind.


[2006/02/10 11:06:35, 1] nsswitch/winbindd.c:main(864)
  winbindd version 3.0.10 started.
  Copyright The Samba Team 2000-2004
[2006/02/10 11:06:35, 0]  nsswitch/winbindd_util.c:winbindd_param_init(560)
  winbindd: idmap uid range missing or invalid
[2006/02/10 11:06:35, 0]  nsswitch/winbindd_util.c:winbindd_param_init(561)
  winbindd: cannot continue, exiting.
[2006/02/10 11:06:35, 1] nsswitch/winbindd.c:main(897)
  Could not init idmap -- netlogon proxy only

I have also noted that from messing about with wbinfo  switches i can get
listings of groups for a particular  user on the domain. I then remove that user
from one of  the groups they belong to on the domain controller and run  the
same command again and it doesnt show a different list  of groups. I am confused
as this must mean its looking at  user and group data locally on the linux box
as it shows  old data but when i run getent passwd and getent group it  still
comes back with only the linux users and groups.

Is there any configuration options i have not set up in my  smb.comf or am i
missing something else?


Thanks in advance
James

 



_____________________________________________________________________
This transmission and any attachments are confidential and are intended solely
for the named addressee (s). If you are not the addressee, please do not read,
copy, use or disclose this transmission and please notify us immediately by
telephone on
+44 (0) 1670 594848 or by reply.  Please then delete this transmission from your
system.

Although we have taken steps to ensure that this email and attachments are free
from viruses, we advise that in keeping with good computing practice the
recipient must ensure that they in fact are virus free.

No contracts may be concluded on behalf of Fone Logistics LTD by means of email
communications.