I have a Fedora Core 4 machine that is authenticating users against an Active Directory server. The authentication works perfectly, but I can't seem to pull any user info from the Active Directory. In my ldap.conf, I have the following:

nss_base_passwd ou=Support Web Admins,dc=mydomain,dc=net?sub
nss_base_shadow ou=Support Web Admins,dc=mydomain,dc=net?sub
nss_base_group ou=Support Web Admins,dc=mydomain,dc=net?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute uniqueMember msSFU30PosixMember
nss_map_attribute cn cn
pam_login_attribute sAMAccountName
pam_filter objectclass=user
pam_member_attribute msSFU30PosixMember
pam_password crypt

My smb.conf is as follows:

workgroup = MYDOMAIN
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
password server = online-mail.mydomain.net
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
password server = ONLINE-MAIL.mydomain.NET
realm = mydomain.NET
security = ads
template homedir = /home/%U

If I comment out the lines for idmap uid, idmap gid, template shell and template homedir, then I can't log on because it won't pull the user info from AD. If I leave them in, I can log in, but it uses the info from smb.conf rather than that in AD. Any ideas what I'm doing wrong?