replacing active directory when using samba and winbind
 

My current configuration uses samba and winbind on a linux server that authenticates users from a windows active directory server.

samba config summary
workgroup = CORPNET
realm = corpnet.maydomain.com
netbios name = FS01
encrypt passwords = yes
security = ads
auth methods = winbind
wins server = 192.168.1.2
winbind uid = 10000-20000
winbind gid = 10000-20000
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
#idmap uid = 10000-20000
#idmap gid = 10000-20000
username map = /etc/samba/users.map
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind use default domain = yes

I also have kerberos running.

The linux server mainly is a file server for remote windows users.
It also have local account for users under /home/CORPNET/username.
I also servers as a vpn server for windows built in vpn client.

The machine also has DNS service running.

It like to detach it from the active directory service, which runs on the windows server (separate box)

However, I do not want to recreate all user accounts, especially since the filse on the samba share (i.e. the file server) has access right set to specific users.

In short, I need to run a subset of active directory, enough to keep authentication for the file server, vpn, and local user accounts.

I understand I could use ldap, winbind, or winbind + ldap, but cannot find a good howto.

Also unclear is how can I copy over the user accounts info, or easily recreate their settings? I understand I need to maintain the