I would like to see an option to add POSIX (user/group) stuff to Samba4 so it can be used with Unixes without much hassle, and exop so password changes would work with pam_ldap and ldappasswd and all passwords would keep in sync. Test plan: when a user is added to the directory they should be given a uid, and groups a gid. They should also be given a gcos and their shell (/bin/sh or whatever). In CentOS/Red Hat use authconfig to set up nss lookups to the Samba4 LDAP server; this will only work with the POSIX stuff (as I understand). The LDAP users should then be visible using getent passwd and getent group. Then use ldappasswd to change a user's password, either binding as themselves or as the administrator. In OpenLDAP the required schema files are nis.schema; inetorg.schema might also be needed.
One bug per bug please. Please re-file the exop password changes in a new bug. Thanks
At the moment we aren't concerned with implementing such a possibility in this way. In fact, the mapping of AD to POSIX attributes and the handling of them should be the task of the new Winbind daemon, which is still under development.
I do expect to implement the posixAccount schema in Samba4, at least as far as the extended schema in Windows 2008. While winbindd should remain responsible for the mappings to UID and GID, I would be very happy if, once chosen, those mappings were maintained in this schema, for direct inspection by such clients.
For simple user authentication and domain controlling, which I'm interested in, there's actually no need to have users existing on the machine locally. In this case winbind isn't needed and the POSIX attributes could be very easily added to each user/group entry, and the uid and gid could be generated to enable Unix clients to use the Samba LDAP for user info and Kerberos for user authentication.
We've now added the POSIX schema in Samba 4. If there are further problems, please reopen!
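The test plan in the original request can be checked offline against an LDIF export before pointing NSS clients at the directory. The following is an added example, not code from this bug or from Samba: it assumes entries use the RFC 2307 attribute names from nis.schema, the LDIF is constructed, and the helper names are hypothetical. It also flags numeric ids of 0, which the request does not mention but which matter once Unix clients trust the directory for user info.

```python
# Constructed sample export; attribute names follow RFC 2307 (nis.schema).
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=test
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10000
gecos: Alice Example
homeDirectory: /home/alice
loginShell: /bin/sh

dn: CN=bob,CN=Users,DC=example,DC=test
uid: bob
uidNumber: 0
gidNumber: 10000
"""

REQUIRED = ("uid", "uidNumber", "gidNumber", "gecos", "homeDirectory", "loginShell")

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no folded lines, no base64 values)."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():  # a blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(entry):
    """Return a list of problems; an empty list means the entry passes."""
    problems = [f"{a} missing" for a in REQUIRED if a.lower() not in entry]
    if "posixaccount" not in [c.lower() for c in entry.get("objectclass", [])]:
        problems.append("objectClass posixAccount missing")
    for a in ("uidnumber", "gidnumber"):
        for v in entry.get(a, []):
            if not v.isdigit():
                problems.append(f"{a} not numeric: {v!r}")
            elif int(v) == 0:  # id 0 is root's id on every NSS client
                problems.append(f"{a} is 0")
    return problems

def passwd_line(entry):
    """Build the passwd(5)-style line; 'x' is a placeholder password field."""
    fields = [entry[a.lower()][0] for a in REQUIRED]
    return ":".join([fields[0], "x"] + fields[1:])
```

Call `passwd_line` only on entries for which `audit` returns an empty list, and compare the result with what `getent passwd` reports on the client.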