[Samba] Understanding ldap auth credentials

jeff sacksteder jsacksteder at gmail.com
Fri Mar 27 02:35:55 GMT 2009


I'm trying to create a single sign on configuration for a home
fileserver, storing user accounts in the directory and using those
credentials to authenticate Linux shell logins, server applications
and PDC logins.

I have NSS working correctly and am trying to extend my LDAP schema to
accommodate Samba. For the benefit of my own understanding, I'm trying
to make the necessary changes to my ldif file by hand. I will only
ever have 3 users, so I'm not terribly concerned about scripts for
automating account maintenance.

It appears that the uid and SID are the only mandatory attributes, but
I also see attributes for storing the passwd or pw hash. Is the passwd
to be stored in the LDAP record twice - once as a posix pw and once as
a domain pw? Can't Samba just use the existing pw attribute?

If I attempt to auth, check_ntlm_password returns
NT_STATUS_WRONG_PASSWORD. Could that also result from not being able
to find the appropriate pw attribute?

