[Samba] Questions on Samba3/OpenLDAP/PDC

[ksun at ABINITIO.COM]

Greetings!

        I set up a PDC with samba 3.0.4 and openldap-2.2.14 and use 
smbldap-tools to populate ldap database. I am able to use the Microsfot's 
User Manager (usrmgr.exe) to add and delete users. I have a few questions 
that I hope you can help me with.

        1. smbldap-tools maps Domain Admins group to group ID  512. I 
created domadmins group with ID 512 in /etc/group and added test as a 
member of this group.

                After adding user test from usrmgr.exe on a window XP 
client, test is automatically members of Domain Admins and Domain Users.
                Now login as test, on the windows XP client and  run 
usrmgr.exe, I cannot open any of the user. It always say "access denied".
                In sort, I can add/delete user as Administrator but cannot 
do the same on test although test is a member of the Domain Admins group, 
seeing from usrmgr.exe.
                Did I miss anything? There is no sign that test belong to 
a Domain Admins group from LDAP database.

        2. The Administrator cannot read its roaming profiles. usrmgr and 
pdbedit show its profile is at \\pdc\profiles\Administrator. The directory 
is empty. What should be the correct protection and do I need some intial 
entries there?

        3. All users, groups, computers, have to have an entry in the 
/etc/passwd or/and /etc/group first before usrmgr can add or delete them 
in ldap backend. Why couldn't samba administrating them as well?

        4. I thought ldap can manaing NIS but I have not seen, sorry for 
my ignorance, a document to integrade NIS/Samba-PDC/openldap together. 
Could someone give me a pointer? Thank you!

        Thank you.

-- Kang Sun