LinuxQuestions.org - Samba --> nobody run "add user script = /usr/sbin/useradd ....." ??!!

Greetings!

I have the following configuration:

Two PDCs with Fedora Core 4: PDC1 and PDC2.

PDC1 trusts PDC2, respectively PDC2 is trusted to PDC1.
I join an XP workstation to PDC2. After restart i can see both domains in the login screen domain combo box.
I can logon to PDC2 , but not to PDC1, since the PDC2's /etc/passwd lacks the username from PDC1 i am trying to log in with. To correct this i edit smb.conf adding this line:

add user script = /usr/sbin/useradd %u -g users -s /bin/false -d /dev/null

After another unsuccessful login to PDC1 (with username ivan for example) in the PDC2's log (/var/log/samba/winxp.log) can be seen the following lines:

useradd: unable to lock password file
useradd ....gave 1

When i try to access a share on PDC2 with a PDC1 user (ivan for example), useradd is executed successfully, and user ivan is added to /etc/passwd.

I found out that during login "add user script = /usr/sbin/useradd %u ......" is executed with user nobody, and this user has no right to execute useradd, hence an error occurs.

After that i added user nobody in the /etc/sudoers so he could execute sudo on PDC2:

visudo -f sudoers
%nobody ALL=/usr/sbin/useradd

And edited smb.conf on PDC2 like this:

add user script = sudo -u root /usr/sbin/useradd %u ......

Now the logging to PDC1 works fine, but this is not normal!

My question is:
Is this a bug in samba, why when mapping a drive useradd runs as root (as described in the samba manual), but when logging, it runs as user nobody who has no right to execute useradd?

If am wrong - correct me, or point me to another solution.

Thanks in advance :-)