|
|
在debian sid下的samba + ldap + libnss-ldap + libpam-ldap + ldap-utils + smbldap-tools
有以下几个问题还没有解决
1,用系统用户(即/etc/passwd里的用户),执行smbpasswd -a gklive之后,可以在同一台机上登录,在另一台机(M$)上直接打\\192.168.0.4输入用户名和密码也可以,但是如果在M$上以域的方式就登录不了(我是在我的电脑属性里->计算机名那里设置域的),说找不到这个用户
2,用smbldap-useradd添加的用户可以用smbldap-usershow查到,但是在/etc/passwd里找不到,所以在同一台机上也不能登录,更别说其他的啦
下面的是我的配置文件
smb.conf
[PHP]
; Global settings: this smbd/nmbd instance offers domain logons and reads its
; account database from an LDAP directory through the ldapsam backend.
[global]
; With "domain logons = yes" below, the workgroup name is also the domain name
; that Windows clients join.
workgroup = sample-nt
netbios name = sample-pdc
server string = sample-ldap pdc server
; Password synchronisation: because "unix password sync = yes", smbd runs
; "passwd program" as root whenever an SMB password is changed and drives it
; with the "passwd chat" dialogue (%u = user name, %n = new password).
; NOTE(review): the meaning of -o is defined by smbldap-passwd, not by Samba;
; check its help output for the installed smbldap-tools version.
passwd program = /usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
unix password sync = yes
; nmbd advertises itself as a time server and acts as the WINS server.
time server = yes
wins support = yes
; Domain controller role and browser election settings.
domain logons = yes
domain master = yes
os level = 65
prefered master = yes
; Account database. The flat-file backend is left commented out; the active
; backend is LDAP on the loopback address.
; passdb backend = /etc/samba/smbpasswd
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = dc=sample,dc=org
; Samba binds to the directory as this DN. Its password is not stored in this
; file: it has to be saved into secrets.tdb with "smbpasswd -w", otherwise the
; ldapsam backend cannot bind. This is the same DN as rootdn in slapd.conf, so
; smbd holds full directory rights.
; NOTE(review): a dedicated DN limited to the Samba subtrees would reduce the
; impact of a compromised smbd - needs matching ACLs on the LDAP side.
ldap admin dn = cn=Manager,dc=sample,dc=org
; These three suffixes are relative to "ldap suffix".
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
; ldap port = 389
; ldap server = 127.0.0.1
; No TLS on the LDAP connection. With the server on 127.0.0.1 the bind
; password and the password hashes stay on the loopback interface; if the
; directory is ever moved to another host, enable TLS here (see "ldap ssl" in
; smb.conf(5)) before changing the URL.
ldap ssl = no
; Provisioning hooks run by smbd, with %u / %g replaced by the account or
; group name. The machine script is what creates the workstation account when
; a Windows client joins the domain.
; NOTE(review): -g 1000 hard-codes the primary group id; presumably a group
; with gidNumber 1000 exists under ou=Groups - confirm.
add user script = /usr/sbin/smbldap-useradd -m -d /dev/null -g 1000 -s /bin/false %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
delete user script = /usr/sbin/smbldap-userdel -r %u
; io charsets = iso8859-1
; Resolved relative to the [netlogon] share and executed by the client at
; logon.
logon script = startup.bat
; Per-user home directory shares, created on demand from the connecting user's
; account.
[homes]
comment = home directories
; %S is the share name, so each home share only admits the user it is named
; after.
valid users = %S
read only = no
; New files and directories are group-writable (0664 / 0775).
; NOTE(review): if users share a primary group, group members can modify each
; other's files at the filesystem level - confirm this is intended.
create mask = 0664
directory mask = 0775
; Hides the [homes] entry itself from browse lists.
browseable = no
; Share intended for roaming profiles.
; NOTE(review): no "logon path" is set in the [global] section shown, so
; clients may not be using this share at all - confirm.
[profiles]
path = /opt/samba/profiles
writeable = yes
browseable = no
; Synonyms for "create mask" / "directory mask": new files are 0644 and new
; directories 0755, i.e. readable by every local account on the server.
create mode = 0644
directory mode = 0755
; NOTE(review): "guest ok = yes" on a writeable share lets clients connect
; without a password, mapped to the guest account. Whether a guest can then
; read or alter profile data depends only on the filesystem permissions under
; the path above. Profiles hold per-user data, so "guest ok = no" is the safer
; setting here.
guest ok = yes
; Share from which domain clients fetch the logon script named by
; "logon script" in [global]. No "writeable" / "read only" line is given, so
; the share is read-only over SMB (Samba's default).
[netlogon]
comment = network logon service
path = /opt/samba/netlogon
; Guests can read everything in this share, so logon scripts must not contain
; credentials. The scripts run on every client at logon: write access to the
; directory on the server should be limited to administrators.
guest ok = yes
[/PHP]
slapd.conf
[PHP]
# OpenLDAP server configuration: one BDB database holding dc=sample,dc=org,
# with the Samba schema loaded so that account entries can carry the Samba
# attributes.
# include schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/samba.schema
modulepath /usr/lib/ldap
moduleload back_bdb
# setting database
database bdb
suffix "dc=sample,dc=org"
# rootdn bypasses all access control for this database. It is the same DN that
# smb.conf uses as "ldap admin dn".
rootdn "cn=Manager,dc=sample,dc=org"
# NOTE(review): the rootdn password is stored in cleartext, and "secret" is
# the value used in published examples. Replace it with a hash generated by
# slappasswd (an {SSHA} value) and keep this file readable only by root and
# the slapd user.
rootpw secret
directory /var/lib/ldap
pidfile /var/run/slapd/slapd.pid
# NOTE(review): no "access to" rules appear in this listing. Without any,
# slapd falls back to read access for everyone, anonymous binds included,
# which exposes userPassword and the Samba LM/NT password hashes of every
# account. Add rules that limit those attributes to the owner (write),
# anonymous (auth only) and the admin DN before real accounts are loaded.
#index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
# Equality indexes for the attributes used in account and group lookups; the
# variant above that also indexed "rid" is left disabled.
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# The end
[/PHP]
ldap.conf
[PHP]host 127.0.0.1
# Client-side settings for libnss-ldap / libpam-ldap: where to search for
# accounts in the directory.
base dc=sample,dc=org
# passwd and shadow lookups search the whole tree (sub); group lookups search
# one level below ou=Groups.
# NOTE(review): these lines only take effect when /etc/nsswitch.conf lists
# "ldap" for passwd, group and shadow; that file is not shown in this post.
# LDAP accounts never appear in the /etc/passwd file itself - check them with
# "getent passwd <user>" instead.
nss_base_passwd dc=sample,dc=org?sub
nss_base_shadow dc=sample,dc=org?sub
nss_base_group ou=Groups,dc=sample,dc=org?one
# No TLS. Acceptable only while the directory is reached over loopback; enable
# TLS before pointing this at a remote server, because binds carry the user's
# password.
ssl no
# pam_ldap hashes a changed password with MD5 crypt on the client before
# writing it to userPassword.
# NOTE(review): a password changed through PAM this way presumably does not
# update the Samba hashes; smb.conf routes password changes through
# smbldap-passwd - confirm which path users are expected to use.
pam_password md5
# The end
[/PHP] |
|