samba - Jan 2010 - upgrade from 3.2.15 fails - winbind problems

Greetings,

I have been attempting an existing Samba domain member server that is 
running Samba 3.2.15 to 3.3.9 (or 3.4.3) but in either case my AD users 
end up being unknown to the server.

I am using the idmap rid on the member server - no changes allowed to AD 
server, AD server not managed by my group.  So far any attempt using 
3.3.9 or 3.4.3 fails with AD users not being identified.

I am sure I have a broken config file, but have been unable to correct 
it on my own, nor have I been able to find an up-to-date example of how 
the smb.conf file for someone using idmap rid *should* look in the 
current versions of samba.

I would *love* to see a working smb.conf file from someone using idmap 
rid on a AD member server with the tbd backend on a currnet version of 
samba.

--------

I have left and rejoined the domain.  Testjoin says I joined okay.

wbinfo -g returns a list of groups

However, wbinfo -t tells me
checking the trust secret via RPC calls failed
Could not check secret

and is see the following from  wbinfo -a 1001362%password
plaintext password authentication succeeded
could not obtain winbind interface details!
could not obtain winbind separator!
could not obtain winbind interface details!
could not obtain winbind domain name!
challenge/response password authentication succeeded


finally from my hacked-up smb.conf file.

# idmap uid and idmap gid are aliases for
# winbind uid and winbid gid, respectively
# OLD IDMAP SETTINGS - did not work
#   idmap backend = idmap_rid:CSUNET=10000-20000
#   idmap uid = 10000-20000
#   idmap gid = 10000-20000
# 3.2.14 IDMAP settings
#   idmap domains = CSUNET
#   idmap config CSUNET:  default = yes
#   idmap config CSUNET:  backend = rid
#   idmap config CSUNET:  base_rid = 0
#   idmap config CSUNET:  range =  10000-100000000
# 3.3.9 IDMAP settings - still not working.
#   winbind separator = \
    winbind use default domain = yes
    template homedir = /home/%U
    template shell = /usr/bin/bash
#
    idmap backend = tdb
    idmap uid = 10000-100000000
    idmap gid = 10000-100000000
    idmap config CSUNET:  default = yes
    idmap config CSUNET:  backend = rid
    idmap config CSUNET:  range =  10000-100000000


Thanks!
-Bob



-- 
***********************************************************************
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University       But she is an IBM
(216) 687-2214
r.martel at csuohio.edu                                -Jeff Lynne
***********************************************************************