On my setup, I have libnss and libpam set to filter out machine POSIX accounts.
All of my machine accounts have a UID higher than 1, so I can filter it
something like this:
nss_base_passwd dc=domain,dc=com?sub?&(uidNumber<=)
(objectClass=posixAccount)
nss_base_shadow dc=domain,dc=com?s
I'm straddling the half-way point between samba and ldap. When adding a
machine to the domain, functionally, it works like you would expect. You
enter in the domain, enter your credentials, and reboot. The computer is
able to function as a machine on the domain.
I'm using the smbldap-tools as
