While unable to actually fix ADS client authentication, I did fix my setup.
I can still use the computer account created with the 'net join ads'
command.
I simply changed to security = domain, and removed the realm = entirely.
I assume the following only works if the windows 2003 DC is running in
'mixed mode' domain support
Here is the smb.conf which fixes my problem:
[global]
security = DOMAIN
workgroup = MYDOMAIN
password server = DC1, DC2, *
encrypt passwords = yes
wins server = 192.168.0.1
netbios name = MYSAMBA
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = yes
template homedir = /est/home/share/%U
template shell = /bin/bash
server string =
name resolve order = wins bcast lmhosts
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
max log size = 4096
log file = /var/log/samba/%m
local master = yes
domain logons = no
domain master = no
preferred master = no
wins support = no
wins proxy = no
dns proxy = no
preserve case = no
short preserve case = no
[homes]
write cache size = 64000
comment = "%U"
browseable = no
public = no
read only = no
guest ok = no
valid users = "@Domain Users", "@Enterprise Admins"
force group = "Domain Users"
vfs object = recycle
vfs_recycle_bin:noversions vfs_recycle_bin:exclude_dir vfs_recycle_bin:exclude
vfs_recycle_bin:maxsize = 0
vfs_recycle_bin:touch = yes
vfs_recycle_bin:versions = yes
vfs_recycle_bin:keeptree = yes
vfs_recycle_bin:repository = .recycle
[upload]
write cache size = 64000
browseable = yes
comment = user uploads
path = /upload/share
read only = yes
public = yes
write list = "@Domain Users", "@Enterprise Admins"
force group = "Domain Users"
vfs object = extd_audit recycle
vfs_recycle_bin:noversions vfs_recycle_bin:exclude_dir vfs_recycle_bin:exclude
vfs_recycle_bin:maxsize = 0
vfs_recycle_bin:touch = yes
vfs_recycle_bin:versions = yes
vfs_recycle_bin:keeptree = yes
vfs_recycle_bin:repository = .recycle/%U
[documents]
write cache size = 64000
browseable = yes
comment = documents
path = /documents/share
read only = no
public = yes
guest ok = yes
valid users = "@Domain Users", "@Enterprise Admins"
force group = "Domain Users"
vfs object = extd_audit recycle
vfs_recycle_bin:noversions vfs_recycle_bin:exclude_dir vfs_recycle_bin:exclude
vfs_recycle_bin:maxsize = 0
vfs_recycle_bin:touch = yes
vfs_recycle_bin:versions = yes
vfs_recycle_bin:keeptree = yes
vfs_recycle_bin:repository = .recycle/%U
[tftp]
write cache size = 64000
browseable = yes
comment = tftp
path = /tftp/share
read only = no
public = no
guest ok = yes
valid users = "@Enterprise Admins", "@Domain Users"
force group = "Domain Users"
vfs object = extd_audit recycle
vfs_recycle_bin:noversions vfs_recycle_bin:exclude_dir vfs_recycle_bin:exclude
vfs_recycle_bin:maxsize = 0
vfs_recycle_bin:touch = yes
vfs_recycle_bin:versions = yes
vfs_recycle_bin:keeptree = yes
[public]
write cache size = 64000
browseable = yes
comment = public files
path = /public/share
read only = yes
public = yes
guest ok = yes
write list = "@Enterprise Admins"
vfs object = extd_audit recycle
vfs_recycle_bin:noversions vfs_recycle_bin:exclude_dir vfs_recycle_bin:exclude
vfs_recycle_bin:maxsize = 0
vfs_recycle_bin:touch = yes
vfs_recycle_bin:versions = yes
vfs_recycle_bin:keeptree = yes
vfs_recycle_bin:repository = .recycle/%U