Không join được Windows client vào Linux DC Server

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

database bdb
suffix "dc=lab,dc=local"
rootdn "cn=Manager,dc=lab,dc=local"
rootpw secret
rootpw {MD5}xMpCOKC5I4INzFCab3WEmw==

directory /var/lib/ldap
index objectClass
eq,pres
index ou,cn,mail,surname,givenname
eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid
eq,pres,sub
index nisMapName,nisMapEntry
eq,pres,sub

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by dn="cn=Manager,dc=lab,dc=local" write
by anonymous auth
by * none

access to *
by self write
by dn="cn=Manager,dc=lab,dc=local" write
by * read

[global]
workgroup = lab.local
netbios name = PDC-SRV
security = user
enable privileges = yes
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
#min passwd length = 3
#pam password change = no
#obey pam restrictions = No
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = yes
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = CP932
Unix charset = UTF-8
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes
# passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=lab,dc=local
#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
ldap suffix = dc=lab,dc=local
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
#ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
admin users = admin
# printers configuration
#printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/samba/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes

dn: uid=admin,ou=People,dc=lab,dc=local
objectClass:
top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: admin
sn: admin
givenName: admin
uid: admin
uidNumber: 1002
gidNumber: 1000
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: admin
sambaSID: S-1-5-21-3318209565-1745193784-2994391004-3004
sambaLMPassword: C2265B23734E0DACAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 69943C5E63B4D2C104DBBCC15138B72B
sambaPwdLastSet: 1340115378
sambaPwdMustChange: 1344003378
userPassword: {MD5}xMpCOKC5I4INzFCab3WEmw==
shadowLastChange: 15510
shadowMax: 45