[Samba] Access Denied w/LDAP backend

[jeff sacksteder]

When I connect to a Samba Member Server in my home network, I am
prompted for credentials and am able establish a session(I have not
yet joined the client machines to the domain). I see a list of shares
and am able to browse down into them as I expect, based on the
appropriate permissions. I can read the contents of files as well. If
I attempt to make any changes (file creation, deletion, renaming,
etc), I'm told that 'access is denied'.

I suspect that the issue has to do with mapping the domain user to the
posix user.

This is a small home network with a Samba PDC and a ldap sam. There
are two member servers and both posix and domain logons work with the
same password as expected. I started with a NT4 PDC configured as I
wanted it and vampired it into Samba+ldap. I made additional changes
once the ldap schema was established and may have broken something.

I have turned up the log level, but nothing obviously wrong is
apparent to me. There is an administrator account in the directory,
but the root user is a local posix account. That part of the config is
not finalized - I'm not sure that's relevant. I'm attaching a
sanitized dump of the ldap structure.

Where should I be looking next? I'm stumped so far.