[Samba] Where to go next; Winbind/LDAP/ID mapping

[simon_gibbs]

Hi,

Thanks to those who got back to me the last time I posted.

I've been reading up on LDAP and piecing together the puzzle
using the Samba By-Example doc and other pieces of
information found on the web. I'm now up to the stage where
I believe I have a working LDAP directory configured  -
ldapsearch yields expected results - and Samba can connect
to it OK - tested by changing LDAP password and checking
logs for connect errors. The NSS tools from PADL are also
compiled and configured as per  Samba By-Example.

What I haven't found clear though is how Samba/Winbind
populate the LDAP directory with the ID mappings.
Do I have to use the user/group add scripts - bearing in
mind the box is a domain member and is not going to be
acting as a PDC? Or should Winbind add the ID mapping when a
user attempts to connect to a share?

At the moment wbinfo -t, wbinfo -u and wbinfo -g work OK but
getent passwd/group only displays local users and groups. If
a domain user attempts to connect to a share with full
access permissions they are prompted for login information.
How can Winbind add the user to LDAP if the user cannot
connect to the share as they currently don't exist?

If required I can post conf files for LDAP/Samba/NSS_LDAP,

Thanks,

Simon