samba - Aug 2004 - Pre-populating winbind idmap doesn't work.

Greetings,
(re-phrased posting)

In order to get CIFS and NFS interoperability in an EMC Celerra environment 
I'm trying to pre-populate a Samba winbindd idmap database
(/var/lib/samba/winbindd_idmap.tdb) with some fixed entries. My thought was that
a "net idmap restore" from a manually generated file should match the
output from a subsequent "net idmap dump". But it does not!

This has been tested on both Samba 3.0.2 and 3.0.6, and is completely
reproducible. We are running in a native W2K Active Directory environment.

Here's an example sequence.
-------------
# /etc/init.d/winbind status
winbindd is stopped
# head -3 /tmp/usermapper.tmp
GID 100001 S-1-5-15-735fc311-1cda3193-320a1743-4c7
GID 100002 S-1-5-15-735fc311-1cda3193-320a1743-4fe
GID 100003 S-1-5-15-735fc311-1cda3193-320a1743-208
# wc -l /tmp/usermapper.tmp
   1218 /tmp/usermapper.tmp
# rm /var/lib/samba/winbindd_*.tdb 
# cat /tmp/usermapper.tmp | net -d10 idmap restore > /tmp/restore.log
2>&1
# grep 'db_set_mapping: stored' /tmp/restore.log  | wc -l
   1218  
<<<<<<<<<<<<<<<<<< # of
input lines
# net -d10 idmap dump ./winbindd_idmap.tdb > /tmp/dump.log 2>
/tmp/dump.debug
# wc -l /tmp/dump.log 
    563 /tmp/dump.log <<<<<< # of output lines
# -------------

There are 1218 entries in the input, but only 563 in the output! Any idea what
might be going on?  I've checked the input file for invalid characters and
have found no problems.

Here's a (sanitized) copy of my smb.conf
----------------- 
[global]
        # Start of host specific entries
        interfaces =  127.0.0.1 1.2.3.4
        netbios name = ITLMTRP01
        # End of host specific entries

        workgroup = MEDQA
        preferred master = No
        domain master = No
        bind interfaces only = yes
        wins server = 4.5.6.7

        # AD parameters
        realm = MEDX.HARVARD.EDU
        password server = *
        security = ADS
        encrypt passwords = Yes

        # winbind parameters
        winbind separator = .
        winbind use default domain = yes
        winbind cache time = 10
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/bash
        template homedir = /%D/HOME/%U
        idmap uid = 70000-200000
        idmap gid = 70000-200000-----------------

I can forward copies of the input, output, and debug files if that would help.

Thanks!

David
?
David Bryant - Unix Systems Administrator
Harvard Medical School - Boston Massachusetts

PS. I'm using SpamGourmet (http://www.spamgourmet.com/) to anonymize my
address. Replies will be answered from a "real" address.
?