[Samba] smbpasswd complains about LDAP: "Object class violation"

[Chris St. Pierre]

I'm trying to get Samba on a Mac OS X box running as a PDC with an
LDAP backend.  I've read through all of the major walkthroughs I can
find, and we've actually already got it running very nicely as a file
server; people are currently authenticating against a different PDC
and then mapping drives from the Samba box in question.

However, I'd like it to be the PDC eventually, but I'm running up
against a problem.  It is my understanding that the machine trust
accounts need to be added with smbpasswd (or an LDAP workaround such
as the smbldap-useradd.pl that comes with samba), but smbpasswd
fails with the following error:

--------------------------------
# ./smbpasswd -a -m guinea-pig$
ldap_connect_system: Binding to ldap server as "cn=directory manager"
LDAP search "(&(uid=guinea-pig_)(objectclass=sambaAccount))" returned
0 entries.
ldap_connect_system: Binding to ldap server as "cn=directory manager"
failed to modify user with uid = guinea-pig$ with: Object class
violation

Failed to add entry for user guinea-pig$.
Failed to modify password entry for user guinea-pig$
--------------------------------

The best thing I could find on the web was this:
http://lists.samba.org/archive/samba/2003-February/062371.html, which
only suggests upping my debug level.  Doing so provides no better
info, though:

--------------------------------
./smbpasswd -D 10 -a -m guinea-pig$
[snip]
Initializing connection to newman.nebrwesleyan.edu on port 389
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as "cn=directory manager"
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching
for:[(&(uid=guinea-pig$)(objectclass=sambaAccount))]
ldap_search_one_user: searching for:[uid=guinea-pig$]
User exists without samba properties: adding them
Setting entry for user: guinea-pig$
failed to modify user with uid = guinea-pig$ with: Object class
violation

Failed to add entry for user guinea-pig$.
Failed to modify password entry for user guinea-pig$
--------------------------------

If that thread I linked to is correct, then smbpasswd is trying to add
the machine user guinea-pig$ with the structural objectClass
"sambaAccount" -- which is bogus.  If that's the case, is there a fix
that doesn't involve hacking smbpasswd?  Or, if that's not the case,
what is and how do I fix it?  Thanks for your help!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549