Originally Posted by designator
I'm only seeing the local accounts, but SAMBA is definitely talking to LDAP because if I try a wrong password when adding a new machine to the domain, it correctly fails to authenticate.
If getent passwd isn't displaying your Windows accounts, it sounds like you need to configure /etc/nsswitch.conf. Your nsswitch.conf file should look something like the below:
passwd: files ldap
group: files ldap
shadow: files ldap
I would also double-check /etc/libnss-ldap.conf or /etc/ldap.conf. It should look something like: