Honestly, the best simple tutorials are on the samba site.
There are LOADS of tutorials on how to do this, but many of them get more complicated than is, strictly speaking, necessary.
This page is really _really_ good for a simple setup, but it can be hard to follow sometimes.
http://wiki.samba.org/index.php/Ldapsam_Editposix
Please read it, then come back and read the rest of this message.
I wrote this for a friend I was helping a while ago, and just yanked it from my sent messages, but this is just a more detailed description of what's in that first page I posted.
Apparently there's been this nifty provision in samba called "ldapsam:editposix" that's been there since 3.0 was released, but it's been barely documented or written about. If you do it right, all users and groups can be added and modified from the samba "net" command.
More or less I'm just sending you my notes (since this is, you know, for work, I'm being very careful, and blowing away the VM & re-creating it for each configuration change to make sure it's really doing what I think it is, so this is pretty accurate).
If you enable editposix, and if (this second if is very important) the server samba is on uses ldap (via nsswitch) for storing its unix users and groups, nearly no work needs to be done inside of ldap. The initial ldif was actually all I did for direct ldap interaction.
Aside from the normal stuff (like setting up /etc/ldap.secret and /etc/ldap.conf), this is how it's done (just ignore the default test passwords please).
Set up the ldap stuff (/etc/ldap.conf, /etc/ldap.secret, /etc/openldap/slapd.conf).
Pretty straightforward; the only thing is to include samba.schema.
#Current slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=dv,dc=com"
rootdn "cn=admin,dc=dv,dc=com"
rootpw whopdiedoo
directory /var/lib/ldap
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
#access to *
# by self write
# by users read
# by anonymous auth
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
#End
Copy samba.schema into /etc/openldap/schema.
Set up nsswitch.conf: passwd, shadow and group need to be set up for ldap.
Load a starting ldif for some samba basics (entries in an ldif must be separated by a blank line, or ldapadd will reject the file):
#This is added with
#ldapadd -x -D "cn=admin,dc=dv,dc=com" -W -f base.ldif
dn: dc=dv,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: dv.com
dc: dv

dn: cn=admin,dc=dv,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: whopdiedoo

dn: ou=users,dc=dv,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=dv,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=idmap,dc=dv,dc=com
objectClass: top
objectClass: organizationalUnit
ou: idmap

dn: ou=computers,dc=dv,dc=com
objectClass: top
objectClass: organizationalUnit
ou: computers
#End
Samba setup
I believe this is what is needed:
[global]
netbios name = dvpdc01
workgroup = DV
encrypt passwords = true
passdb backend = ldapsam
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap admin dn = cn=admin,dc=dv,dc=com
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=users
ldap suffix = dc=dv,dc=com
ldap idmap suffix = ou=idmap
idmap backend = ldap:"ldap://"
idmap domains = DV
idmap config DV:backend = ldap
idmap config DV:readonly = no
idmap config DV:default = yes
idmap config DV:ldap_base_dn = ou=idmap,dc=dv,dc=com
idmap config DV:ldap_user_dn = cn=admin,dc=dv,dc=com
idmap config DV:ldap_url = ldap://localhost
idmap config DV:range = 50000-500000
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=dv,dc=com
idmap alloc config:ldap_user_dn = cn=admin,dc=dv,dc=com
idmap alloc config:ldap_url = ldap://localhost
idmap alloc config:range = 50000-500000
#Templates, important if you want a share created for the user in a normal place
#And you don't want them to be able to log into your unix boxes by default
template homedir = /home/%U
template shell = /bin/false
#End smb.conf
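The three pieces above (slapd.conf, base.ldif and smb.conf) have to agree with each other: the schema has to be loaded, the suffixes in smb.conf have to point at OUs that base.ldif actually creates, and the idmap ranges have to match. The script below cross-checks them before samba is started. It is an added example, not code from the post or the samba wiki; the sample inputs are trimmed copies of the post's own snippets (same placeholder password), and the rules it applies are my assumptions about what must line up, not samba's own validation.

```python
"""Cross-check slapd.conf, base.ldif and smb.conf before starting samba. Added
example (not from the post or the samba wiki); the rules are my assumptions."""
import re

# Constructed samples trimmed from the post's snippets (same placeholder password).
SLAPD_CONF = """\
include /etc/openldap/schema/samba.schema
suffix "dc=dv,dc=com"
rootdn "cn=admin,dc=dv,dc=com"
rootpw whopdiedoo
"""
BASE_LDIF = """\
dn: dc=dv,dc=com
objectClass: dcObject
objectClass: organization
o: dv.com
dc: dv

dn: ou=users,dc=dv,dc=com
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=dv,dc=com
objectClass: organizationalUnit
ou: groups

dn: ou=idmap,dc=dv,dc=com
objectClass: organizationalUnit
ou: idmap

dn: ou=computers,dc=dv,dc=com
objectClass: organizationalUnit
ou: computers
"""
SMB_CONF = """\
[global]
workgroup = DV
passdb backend = ldapsam
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap admin dn = cn=admin,dc=dv,dc=com
ldap suffix = dc=dv,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
idmap config DV:range = 50000-500000
idmap alloc config:range = 50000-500000
"""

def parse_slapd(text):
    """slapd.conf is 'keyword value'; keep every value, since include/index repeat."""
    conf = {}
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        if key and key[0] != "#":
            conf.setdefault(key, []).append(val.strip().strip('"'))
    return conf

def parse_ldif(text):
    """Return entry DNs and how many blank-line-separated blocks contain more
    than one entry (ldapadd needs a blank line between entries)."""
    dns, runon = [], 0
    for block in re.split(r"\n\s*\n", text.strip()):
        found = [ln[3:].strip() for ln in block.splitlines() if ln.startswith("dn:")]
        runon += len(found) > 1
        dns += found
    return dns, runon

def parse_smb(text):
    """smb.conf [global] as 'key = value'; samba allows 'key=value' too."""
    pairs = (ln.strip().partition("=") for ln in text.splitlines())
    return {k.strip(): v.strip() for k, _, v in pairs if k and k[0] not in "#;["}

def check(slapd_text, ldif_text, smb_text):
    """Return (severity, message) findings; no 'error' means the pieces agree."""
    slapd, smb = parse_slapd(slapd_text), parse_smb(smb_text)
    dns, runon = parse_ldif(ldif_text)
    out = []
    if not any(i.endswith("samba.schema") for i in slapd.get("include", [])):
        out.append(("error", "slapd.conf does not include samba.schema"))
    if not slapd.get("rootpw", ["{"])[0].startswith("{"):
        out.append(("warn", "rootpw is cleartext; use a slappasswd hash"))
    if runon:
        out.append(("error", f"{runon} LDIF block(s) hold several entries: add blank lines"))
    suffix = smb.get("ldap suffix", "")
    if slapd.get("suffix", [""])[0] != suffix:
        out.append(("error", f"slapd suffix does not match ldap suffix {suffix!r}"))
    for key in ("ldap user suffix", "ldap group suffix", "ldap machine suffix", "ldap idmap suffix"):
        dn = f"{smb.get(key, '?')},{suffix}"
        if dn not in dns:
            out.append(("error", f"{key} points at {dn}, which base.ldif does not create"))
    for key in ("ldapsam:trusted", "ldapsam:editposix"):
        if smb.get(key, "").lower() != "yes":
            out.append(("error", f"{key} is not set to yes; editposix needs both"))
    dom = smb.get("workgroup", "")
    if smb.get(f"idmap config {dom}:range") != smb.get("idmap alloc config:range"):
        out.append(("error", "idmap config range and idmap alloc range differ"))
    return out
```

Run `check(open("/etc/openldap/slapd.conf").read(), open("base.ldif").read(), open("/etc/samba/smb.conf").read())` against the real files; the post's configs come back with no errors and only the cleartext-rootpw warning, which is the one thing worth changing before this leaves a test VM.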
Give samba the ldap password, in three places:
#For samba to read ldap
smbpasswd -w <password>
#For samba to add domain users & groups
net idmap secret DOMAIN <password>
#For samba to add mappings in ldap
net idmap secret alloc <password>
Start winbind (this is how windows connects).
Set up the tree with
net sam provision
Give a password to Administrator:
smbpasswd Administrator
Start samba:
service smb start
At this point, test by joining a machine to this test domain and logging in as Administrator.
Now all users are added using
net rpc user add <username> -UAdministrator
And groups are added using
net rpc group add <groupname> -UAdministrator