apt-get install libpam-ldap libnss-ldap nss-updatedb (when prompted "Make local root Database admin", answer No)
Add to your /etc/ldap.conf:
pam_filter !(uid=root)
host macosxservername
base cn=users,dc=loopback,dc=org
Edit /etc/nsswitch.conf and change the passwd, group, and shadow lines to resemble:
passwd: files ldap
group: files ldap
shadow: files ldap
Have /etc/pam.d/common-account read:
account sufficient pam_ldap.so
account required pam_unix.so
Have /etc/pam.d/common-auth read:
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure try_first_pass
Have /etc/pam.d/common-password read:
password sufficient pam_ldap.so md5
password required pam_unix.so nullok obscure md5
password optional pam_smbpass.so nullok use_authtok try_first_pass missingok
Finally, have /etc/pam.d/common-session read:
session sufficient pam_ldap.so
session required pam_unix.so
You should be good to go. Test with a command like:
getent passwd
See https://help.ubuntu.com/community/OSXLDAPClientAuthentication
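The nsswitch.conf and PAM edits above can be checked file by file before closing the root shell. The script below is an added example, not part of the original notes: its function names and sample directory tree are constructed for illustration, it matches only the line forms shown above, and it assumes the password stack is in common-password, the file name Ubuntu ships.

```shell
# Added example: function names and the sample tree are constructed for illustration.

# nss_has_ldap FILE DB: succeeds if DB's line lists "files" and then "ldap".
nss_has_ldap() {
    awk -v db="$2:" '
        $1 == db {
            f = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap" && !l) l = i
            }
            ok = (f && l && f < l)
        }
        END { exit !ok }' "$1" 2>/dev/null
}

# pam_ldap_first FILE TYPE: succeeds if "TYPE sufficient pam_ldap.so" appears
# before "TYPE required pam_unix.so" (comment lines do not match either test).
pam_ldap_first() {
    awk -v t="$2" '
        $1 == t && $2 == "sufficient" && $3 == "pam_ldap.so" && !l { l = NR }
        $1 == t && $2 == "required" && $3 == "pam_unix.so" && !u { u = NR }
        END { exit !(l && u && l < u) }' "$1" 2>/dev/null
}

# check_client ROOT: print one line per check; exit status = number of failures.
check_client() {
    fails=0
    for db in passwd group shadow; do
        if nss_has_ldap "$1/etc/nsswitch.conf" "$db"; then echo "ok   nsswitch $db"
        else echo "FAIL nsswitch $db"; fails=$((fails + 1)); fi
    done
    for t in account auth password session; do
        if pam_ldap_first "$1/etc/pam.d/common-$t" "$t"; then echo "ok   pam $t"
        else echo "FAIL pam $t"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample tree mirroring the settings above (not a real system).
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d"
printf '%s\n' 'passwd: files ldap' 'group: files ldap' 'shadow: files ldap' > "$demo/etc/nsswitch.conf"
for t in account auth password session; do
    printf '%s\n' "$t sufficient pam_ldap.so" "$t required pam_unix.so" \
        > "$demo/etc/pam.d/common-$t"
done
check_client "$demo" && echo "sample tree matches"
rm -rf "$demo"
```

To check the client itself rather than the sample tree, call check_client with / as its argument.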
Mount home directories:
root@ubuntu:~# mkdir -p /Network/Servers/macosxservername/Users
root@ubuntu:~# mount borg:/Users /Network/Servers/macosxservername/Users