and so it begins....

* remove idmap_XX_to_XX calls from smbd.  Move back to the
  the winbind_XXX and local_XXX calls used in 2.2

* all uid/gid allocation must involve winbindd now

* move flags field around in winbindd_request struct

* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
  to prevent automatic allocation for unknown SIDs

* add 'winbind trusted domains only' parameter to force a domain member
  server to use matching users names from /etc/passwd for its domain
  (needed for domain member of a Samba domain)

* rename 'idmap only' to 'enable rid algorithm' for better clarity
  (defaults to "yes")

code has been tested on

  * domain member of native mode 2k domain
  * ads domain member of native mode 2k domain
  * domain member of NT4 domain
  * domain member of Samba domain
  * Samba PDC running winbindd with trusts

Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'

This will be a long week of changes.  The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)

source/smbd/server.c

@@ -842,7 +842,7 @@ void build_options(BOOL screen);
 	if (!init_registry())
 		exit(1);
 
-	/* Initialise the password backed before idmap and the global_sam_sid
+	/* Initialise the password backed before the global_sam_sid
 	   to ensure that we fetch from ldap before we make a domain sid up */
 
 	if(!initialize_password_db(False))
@@ -855,18 +855,6 @@ void build_options(BOOL screen);
 
 	static_init_auth;
 
-	{
-		const char *idmap_back = lp_idmap_backend();
-
-		if (!idmap_init((idmap_back && *idmap_back) ? "winbind" : NULL))
-			exit(1);
-	}
-
-	if (!idmap_init_wellknown_sids()) {
-		DEBUG(0,("ERROR: Samba failed to initialize it's 'well known' SID -> ID mapping tables.\n"));
-		exit(1);
-	}
-
 	static_init_rpc;
 
 	init_modules();