samba - Aug 2006 - Newbie using John T's Examples (AD)

I'm following along with John T's examples book and I'm still
befuddled on getting Samba working.

The server is Fedora Core 5, Samba 3.0.23a-1.fc5.1
PDC is W2K SP4 with AD

I basically copied/pasted the example smb.conf and nsswitch.conf to
get a basic working config. The lines "template primary group" gave
problems so I removed that one line.

I run testparm -s and get:

[root@cartman samba]# testparm -s
Load smb config files from /etc/samba/smb.conf
Processing section "[shared]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
<<-- What's that all about?
Server role: ROLE_DOMAIN_MEMBER

Here's smb.conf as reported by testparm:

[global]
        unix charset = LOCALE
        workgroup = CONVEYORS
        realm = WWW.SYSTECCONVEYORS.COM
        server string = Cartman File Server
        security = ADS
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        printcap name = CUPS
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        winbind separator = +

[shared]
        comment = Shared Folder
        path = /home/shared
        read only = No
[root@cartman samba]#

nsswitch.conf:

passwd:         files ldap
shadow:         files ldap
group:          files ldap

hosts:          files dns wins
networks:       files dns

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files
aliases:        files

The Fedora box joins properly.

[root@cartman etc]# net ads join -UAdministrator%##########
Using short domain name -- CONVEYORS
Joined 'CARTMAN' to realm 'WWW.SYSTECCONVEYORS.COM'

I then start smb and winbind.

[root@cartman etc]# /etc/rc.d/init.d/smb start
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@cartman etc]# /etc/rc.d/init.d/winbind start
Starting Winbind services:                                 [  OK  ]

On my XP-SP2 workstation I go to Network Neighborhood, and in
CONVEYORS I see the Fedora server there. I double click and it gives
me:

"\\CARTMAN is not accessible. You might not have permission ..." yadda
yadda yadda

wbinfo -u and wbinfo -g give me the names and groups as defined in the
AD realm. However as John writes in the examples getent passwd and
getent group do not. These just show me the linux groups and users and
nothing from the AD.

Ideas?

-- Mike