[Samba] First Linux Machine Domain Join

[John R. Graham]

I apparently haven't created the correct formula to get Samba to start 
winbindd on my workstation in the process of joining my domain. Testing 
winbindd connectivity fails:

     ~ # wbinfo --ping-dc
     could not obtain winbind interface details: 
WBC_ERR_WINBIND_NOT_AVAILABLE
     could not obtain winbind domain name!
     checking the NETLOGON for domain[] dc connection to "" failed
     failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE

The join /partially/ succeeded:

     ~ # net ads join -U administrator
     Password for [SAMDOM\administrator]:
     Using short domain name -- SAMDOM
     Joined 'TERRA' to dns domain 'samdom.example.com'
     DNS Update for terra.samdom.example.com failed: ERROR_DNS_UPDATE_FAILED
     DNS update failed: NT_STATUS_UNSUCCESSFUL

I say "partially" in that, despite the errors above, the machine record 
is now present in the AD DC's /var/lib/samba/private/sam.ldb database 
and appears to be complete.

My current /etc/samba/smb.conf is:

[global]
    security = domain
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM
    server string = "John's Terra Workstation"
    server role = member server

    log file = /var/log/samba/log.%m
    log level = 1
    max log size = 50

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config SAMDOM:backend = ad
    idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:range = 10000-9999999
    idmap config SAMDOM:unix_nss_info = yes

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    template shell = /bin/bash
    template homedir = /home/%U

I've made the requisite changes in /etc/nsswitch.conf and my 
distribution's Samba package supplies the pam configuration. Still, I'm 
obviously missing something.

- John