I'm still struggling with getting winbind working. Now I've noticed that with the changes I made to smb.conf to support winbind, my nt domain users no longer see their home shares when they access the linux server from a win2k workstation with network neighborhood. To clarify, with security=domain, a user could locate the linux server in network neighborhood, double-click, and see their home share (as well as any other share exposed to their user account). When I added the following lines to my smb.conf file, this ability to see the home shares evaporated:

# Adding winbind configuration here
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
# might need to disable these next two for performance
# reasons on the winbindd host
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
template homedir = /home/winnt/%D/%U
template shell = /bin/bash

Is the "template homedir = " what is screwing things up? The current home directories are /home/%U. But from the comment it doesn't seem that these template variables would come into play.

"Okay," he says, overwhelmed by the response. "Maybe someone can answer this question." :)

If I'm running winbind, I want PAM restrictions, right? Does that mean I need to turn encrypted passwords off in smb.conf? RH now defaults with encrypted passwords on.

Later edit: Well, that wasn't nice. I disabled encrypted passwords, and lost the ability to log into my samba shares.

Is there a tutorial or howto on winbind other than the main samba howto at samba.org? Or a forum somewhere to ask questions where I'm more likely to find knowledgable winbind users?

TIA.