We have LDAP/Kerberos accounts, so we manage accounts in a somewhat different way. Unfortunately, Kerberos is not well integrated with OpenLDAP, so each account has to be created or edited twice (Samba isn't a problem). The main group of our users is klipp, so don't forget this.
    ivo@IThink:/$ ssh jaguar
    ivo@jaguar:~$ sudo -i
    jaguar:~# cd /root/bin/krbldap
    jaguar:~/bin/krbldap# ./createNewUser.sh $loginname $forename $lastname $main_group

e.g.

    ./createNewUser.sh test Only Test klipp
This script first creates a Kerberos principal and then the LDAP account with Samba, which is why you will be asked for the password four times. If something goes wrong, you must delete any half-configured Kerberos and LDAP accounts that may be present (you can use the scripts in /root/bin/krbldap/). If nothing helps, you can delete the accounts manually:
    jaguar:~# kadmin --local
    kadmin> list
    kadmin> del $user
    kadmin> exit
    jaguar:~#
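
A check for the half-configured state described above, as an added example (it is not one of the scripts in /root/bin/krbldap): it reports whether a login has a Kerberos principal, an LDAP entry, both, or neither. Assumptions: `kadmin --local get` exits non-zero for a missing principal, anonymous `ldapsearch` reads are allowed, and the base DN is a placeholder.

```shell
#!/bin/sh
# Added example: classify a login as complete, kerberos-only, ldap-only or absent.
LDAP_BASE="${LDAP_BASE:-dc=example,dc=org}"   # placeholder base DN (assumption)

# Accept only plain login names so the value cannot alter the LDAP filter.
valid_login() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Assumption: `kadmin --local get NAME` exits non-zero when the principal is missing.
has_principal() {
    kadmin --local get "$1" >/dev/null 2>&1
}

# Assumption: an anonymous simple bind may read uid entries below LDAP_BASE.
has_ldap_entry() {
    ldapsearch -x -LLL -b "$LDAP_BASE" "(uid=$1)" dn 2>/dev/null | grep -q '^dn:'
}

# Print the state of one login; returns 2 for a rejected login name.
account_state() {
    valid_login "$1" || { echo invalid; return 2; }
    k=no; l=no
    has_principal "$1" && k=yes
    has_ldap_entry "$1" && l=yes
    case "$k$l" in
        yesyes) echo complete ;;
        yesno)  echo kerberos-only ;;
        noyes)  echo ldap-only ;;
        *)      echo absent ;;
    esac
}

# Usage (hypothetical file name): ./account_state.sh test
if [ "$#" -gt 0 ]; then
    account_state "$1"
fi
```

A result of kerberos-only or ldap-only is the half-configured case to clean up before running createNewUser.sh again.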