samba - Jul 2011 - AD integration and idmap_adex not translating sid-to-uid domain trusts

Hi Guys,

I'm setting up a new file server in our domain environment and I'm
having problems with the adex configuration/module. I have couple of working
file servers using rfc2307/idmap_ad and they are working perfectly. What
attracted me to the idmap_adex module is the domain trust/forrest authentication
support. I have 2 domains not in the same forest with a 1-way trust setup. The
server in question is joined to the domain that is trusted by the
"outside" domain. Here are pastbins of my cleaned configs:

krb5.conf<http://pastebin.com/VgV3s8zG>
smb.conf<http://pastebin.com/m84qzhwq>

wbinfo -u             This command lists all the users of both domains
wbinfo -g             works same as -u
wbinfo -i "username"                 Could not get info for user
                                    winbindd.log will output "Could not
convert sid NT_STATUS_INVALID_PARAMETER"
"getent passwd" doesn't work either

I'm at a loss, I've tried many different config options and nothing
really changes. My nsswitch is setup "files winbind" for passwd and
group. I have used "kinit" and "net ads join" successfully.
The thing that stumps me is idmap_ad works perfectly but just doesn't
support domain trusts. Does anybody have rfc2307 schema in AD and samba working
with multiple domains?

Thanks for your help.
-JP

Important : This message is intended only for the recipient(s) identified above
by the originator or forwarder of this message and may contain information that
is confidential, proprietary and/or legally privileged. If you have any reason
to believe or suspect that this message may have come to you in error, please
notify the originator of this message of your receipt of it, refrain from
sharing this message with anyone else, delete it from each computer or server on
which it is stored (without copying it or printing it out) and take no other
action based on its content. Thank you.

Hi Guys,
I'm setting up a new file server in our domain environment and I'm
having problems with the adex configuration/module. I have couple of working
file servers using rfc2307/idmap_ad and they are working perfectly. What
attracted me to the idmap_adex module is the domain trust/forrest authentication
support. I have 2 domains not in the same forest with a 1-way trust setup. The
server in question is joined to the domain that is trusted by the
"outside" domain. Here are pastbins of my cleaned configs:
krb5.conf<http://pastebin.com/VgV3s8zG>
smb.conf<http://pastebin.com/m84qzhwq>
wbinfo -u This command lists all the users of both domains
wbinfo -g works same as -u
wbinfo -i "username" Could not get info for user
winbindd.log will output "Could not convert sid
NT_STATUS_INVALID_PARAMETER"
"getent passwd" doesn't work either
I'm at a loss, I've tried many different config options and nothing
really changes. My nsswitch is setup "files winbind" for passwd and
group. I have used "kinit" and "net ads join" successfully.
The thing that stumps me is idmap_ad works perfectly but just doesn't
support domain trusts. Does anybody have rfc2307 schema in AD and samba working
with multiple domains?
Thanks for your help.
-JP

Important : This message is intended only for the recipient(s) identified above
by the originator or forwarder of this message and may contain information that
is confidential, proprietary and/or legally privileged. If you have any reason
to believe or suspect that this message may have come to you in error, please
notify the originator of this message of your receipt of it, refrain from
sharing this message with anyone else, delete it from each computer or server on
which it is stored (without copying it or printing it out) and take no other
action based on its content. Thank you.