samba - Nov 2003 - Samba <- Winbind -> Windows 2003 ADS Questions

Hi everyone,

I'm relatively new to Samba - at least for more in-depth installations.
Big Thank-You from my company to the brilliant developers responsible for
this software.  We have our Samba server integrated with our Windows 2003
AD domain users via Winbind - a working installation with some issues
described below.  getent passwd works as the many docs show (one entry
below):

MYCOMPANY+jsmith:x:10890:10000:John Smith:/home/MYCOMPANY/jsmith:/bin/bash


When logged on to a Windows XP machine as MYCOMPANY\jsmith and attempting
to connect to the smith share, access is denied.  A check of the logs with
level=10 shows that XP is passing MYCOMPANY.ORG+jsmith, and I'm therefore
required to use the format MYCOMPANY.ORG+jsmith as a valid user.  This is
inconsistent with the various documents I've seen on the procedure which
show the format for valid users as MYCOMPANY+jsmith


Additionally, I'm trying to set up home directories on this Samba box, and
so I had to create a directory:  /home/MYCOMPANY.ORG/jsmith  (note my
smb.conf entry: template homedir = /home/%D/%U)You'll note from the
'getent
passwd' output above that the home is actually listed as
/home/MYCOMPANY/jsmith.  So, the result is that if I log into the console
as MYCOMPANY+jsmith , it looks for /home/MYCOMPANY/jsmith, and if I connect
to the homes share via Samba, it looks for /home/MYCOMPANY.ORG/jsmith .
Not the way I'd like it to be.

I've been through various documentation sources (my desk is quite out of
control with Samba docs), so I apologize if a reason and solution is
clearly documented somewhere.  I spent the last hour searching and I cannot
find a solution.  Perhaps someone here can assist me.

Many Thanks,
Kel Way

Samba 3 from source (latest as of yesterday)
krb5-1.3.1-6
openldap-2.1.22-6
Fedora Core .95 Severn


krb.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = MYCOMPANY.ORG
 default_tgs_enctypes = des-cbc-md5
 default_tkt_enctypes = des-cbc-md5
 forwardable = true
 proxiable = true
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 MYCOMPANY.ORG = {
  kdc = nash-dc-01.mycompany.org:88
  admin_server = nash-dc-01.mycompany.org:749
  default_domain = mycompany.org
 }

[domain_realm]
 .mycompany.org = MYCOMPANY.ORG
 mycompany.org = MYCOMPANY.ORG

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }



Snip from smb.conf:

[global]
log level = 10
realm = MYCOMPANY.ORG
security = ADS
encrypt passwords = yes
workgroup = MYCOMPANY
password server = nash-dc-01.mycompany.org

# winbind config
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#client use spnego = yes
#winbind use default domain = yes

server string = Nashville File and Print Server

log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no

wins server = 209.93.144.12
dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   create mask = 0700

[myshare]
   comment = Mary's and Fred's stuff
   path = /maryfred
   valid users = MYCOMPANY.ORG+jsmith
   public = no
   writable = yes
   printable = no
   create mask = 0765