Настроил NSS, PAM, LDAP, Samba по мануалу на samba.org (Samba by example)
getent passwd, group, shadow все отлично показывает.
Завел утилитами smbldap-populate все группы, сделал Админа, гостя и пару системных пользователей.
Могу заходить через сеть на самбу под именами и паролями заведенных пользователей.
Но когда пытаюсь включить машину в домен, Windows XP выдает ошибку: "Именам пользователей не сопоставлены коды защиты данных" (то есть имя учетной записи не удалось сопоставить с SID).
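Конфиг:
# Global smb.conf parameters as posted: Samba acting as a domain controller
# (domain logons = yes) with accounts stored in LDAP through ldapsam.
# One parameter per line; the paste had them collapsed together.
workgroup = mycompany.RU
netbios name = MAIN-SERVER
server string = Central File Server
# Every operation by an "admin users" account runs as root on the server,
# so keep this list as short as possible.
admin users = x029ah Administrator
invalid users = root
guest account = sambaguest
security = user
encrypt passwords = yes

passdb backend = ldapsam:ldap://mycompany.ru
nt acl support = yes

interfaces = 192.168.1.1
bind interfaces only = yes
# NOTE(review): this admits all of 192.168.x.x while only 192.168.1.1 is bound;
# narrow it to the subnet actually served if that is smaller - confirm.
hosts allow = 192.168.0.0/16

idmap backend = ldap:ldap://mycompany.ru
idmap uid = 10000-20000
idmap gid = 10000-20000

local master = yes
preferred master = yes
domain master = yes
os level = 75

wins support = yes
dns proxy = no

domain logons = yes

logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
logon script = startup.bat

dos charset = 866
unix charset = UTF-8

# Account-management hooks. Samba substitutes %u / %g with names supplied over
# the network and runs the line through a shell, so every substitution is
# single-quoted (the posted config left %g in the groupshow call and %u in the
# machine script unquoted).
add user script = /usr/local/sbin/smbldap-useradd.pl -a '%u'
delete user script = /usr/local/sbin/smbldap-userdel.pl '%u'
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod.pl -g '%g' '%u'
add group script = /usr/local/sbin/smbldap-groupadd.pl '%g' && /usr/local/sbin/smbldap-groupshow.pl '%g'|awk '/^gidNumber:/ {print $2}'
# Fixed: the posted line called smbldap-userdel.pl here, which would try to
# delete a *user* named like the group instead of deleting the group.
delete group script = /usr/local/sbin/smbldap-groupdel.pl '%g'
# NOTE(review): a domain join needs this script to succeed and the new machine
# account to resolve through NSS afterwards; worth checking first for the
# SID-mapping error described in the post - not confirmed from the post itself.
add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w -d /dev/null -g Domain\ Computers -c 'Machine Account' -s /bin/false '%u'

ldap filter = (uid=%u)
ldap delete dn = no
ldap admin dn = cn=manager,dc=mycompany,dc=ru
ldap suffix = dc=mycompany,dc=ru

ldap passwd sync = yes
# NOTE(review): with "ldap ssl = no" the bind as the ldap admin dn and every
# synced password cross the network to ldap://mycompany.ru unencrypted, unless
# that name resolves to this same host. "ldap ssl = start tls" protects the
# connection but requires TLS to be configured on the LDAP server first, so it
# is flagged here rather than changed.
ldap ssl = no
# "ldap machine suffix" appeared twice in the post with the same value; kept once.
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap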
[далее расшаренные ресурсы]