samba - Apr 2004 - LDAP passwords not working after upgrading to Samba 3

Hi All,
I apologize in advance for the length of this post but I wanted to be as
thorough as possible and get this problem fixed.  I'm trying to upgrade our
existing Samba 2.2.7 server with an OpenLDAP 2.0.27 backend to Samba 3 using
the same LDAP database.  After I did the upgrade(in a test environment),
user passwords no longer work.  I've read articles upon articles explaining
how to do this but I still can't get it to work.  All of the articles
I've
read said things like "remove ldap filters", "upgrade
smbldaptools"(still
trying to figure out why this would help), and several other suggestions
which I've done and plain just don't work.  I think it's probably
something
very simple but I can't find it.  Any help would be appreciated.  

HISTORY:
Currently I have a Redhat 9.0 box running Samba 2.2.7 with openldap  2.0.27
as a PDC
Domain logins work great with this setup.  I can add, remove, modify
computers and users all day long without a glitch.
I do not store usernames in the local smbpasswd or passwd files.
User information is stored in ou=Users,dc=mydomain,dc=com
Group information is stored in ou=Groups,dc=mydomain,dc=com
Computer information is stored in ou=Computers,dc=mydomain,dc=com

My problem appeared when I attempted to create the same setup using Samba
3.0.2a.  Here is what I did.
1.	I created a working PDC using Samba 2.2.7 and openldap 2.0.27 on
RH9.  I was able to login as user bsmith from a W2k machine called
bob-smith.
2.	I then compiled Samba 3.0.2a from source making sure I added the
"--with-ldapsam" flag
3.	Configure --with-acl-support --with-ldapsam --prefix=/usr
--localstatedir=/var --with-configdir=/etc/samba
--with-privatedir=/etc/samba/private --with-lockdir=/var/lock
--with-piddir=/var/run --with-logfilebase=/var/log --with-smbmount
--with-utmp --with-syslog
4.	Make
5.	Make install

No errors were generated during the compile.  

6.	Made the changes to my smb.conf file to allow for the ldapsam_compat
mode.(see smb.conf at the end of this message)
7.	Edited the samba.schema file to use the Version 2 schema and copied
it to /etc/openldap/schema/
8.	Installed the new version of smbldap tools which came bundled with
Samba 3.0.2a
9.	Ran the smbpasswd -w password to store my Manager password in the
secrets.tdb file 
10.	Started smbd -D and nmbd -D
Everything to this point seems to work fine

When I attempt to login as user bsmith from a computer(bob-smith) I get a
"bad username or password" message.  I checked the
/var/logs/samba/bob-smith.log and this is what I see.
[2004/04/16 12:27:01, 2] smbd/sesssetup.c:setup_new_vc_session(591)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/04/16 12:27:01, 2] smbd/sesssetup.c:setup_new_vc_session(591)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2004/04/16 12:27:01, 2] lib/smbldap.c:smbldap_open_connection(626)
  smbldap_open_connection: connection opened
[2004/04/16 12:27:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: nobody
[2004/04/16 12:27:10, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No
such object)
[2004/04/16 12:27:10, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (No
such object)
[2004/04/16 12:27:10, 2] rpc_parse/parse_prs.c:netsec_decode(1575)
  netsec_decode: FAILED: packet sequence number:
[2004/04/16 12:27:10, 2] lib/util.c:dump_data(1830)
  [000] 87 F0 07 93 7D 17 F1 80                           ....}... 
[2004/04/16 12:27:10, 2] rpc_parse/parse_prs.c:netsec_decode(1577)
  should be:
[2004/04/16 12:27:10, 2] lib/util.c:dump_data(1830)
  [000] 00 00 00 00 80 00 00 00                           ........ 
[2004/04/16 12:27:10, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
  failed to decode PDU
[2004/04/16 12:27:10, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.
[2004/04/16 12:27:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: bob-smith$
[2004/04/16 12:27:17, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: nobody
[2004/04/16 12:27:18, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: bsmith
[2004/04/16 12:27:18, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [bsmith] -> [bsmith] FAILED
with error NT_STATUS_WRONG_PASSWORD
[2004/04/16 12:29:43, 2] smbd/server.c:exit_server(558)
  Closing connections

I know this password is valid since it was working fine with Samba
2.2.7/LDAP

It's like Samba3 doesn't understand the password encryption or
something.
I've tried changing bsmiths password using smbldap-passwd.pl bsmith and,
again, there are no error messages and it appears to have changed his
password.  When I attempt to login again I get the same error.  The only way
I can get Samba to accept the password is if I set it using smbpasswd
bsmith.  Then it will accept my password but another error message pops up
saying "The name or security ID(SID) of the domain specified is
inconsistent
with the trust information for that domain"  I have no idea what that means
but it doesn't sound good.  I'm sure I'll be making another post to
fix
that.  I would appreciate any help you can provide.

Here is my SMB.CONF file
# Global parameters
[global]
	workgroup = MYDOMAIN
	netbios name = TESTPDC
	server string = My Test Ldap Aware Samba Server
	passdb backend = ldapsam_compat:ldap://127.0.0.1
	passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
	passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
	username level = 8
	unix password sync = Yes
	log level = 2
	log file = /var/log/samba/%m.log
	socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
	add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null
-g 1000 -s /bin/false
	domain logons = Yes
	os level = 255
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap server = 127.0.0.1
	ldap port = 389
	ldap suffix = dc=mydomain,dc=com
	ldap machine suffix = ou=Computers,dc= mydomain,dc=com
	ldap user suffix = ou=Users,dc= mydomain,dc=com
	ldap group suffix = ou=Groups,dc= mydomain,dc=com
	ldap admin dn = cn=Manager,dc= mydomain,dc=com
	ldap ssl = no
	utmp = Yes
	remote announce = 192.168.0.0

[homes]
	comment = Home Directories
	valid users = %U
	read only = No
	create mask = 0640
	browseable = No

[netlogon]
	comment = Network Logon Service
	path = /samba/netlogon
	guest ok = Yes


Thanks,
Chris Snider