smc+samba@dogphilosophy.net
2005-May-19 23:11 UTC
[Samba] Samba "spamming" Windows ADS server event logs with "pre-authentication failure"?
It appears that for some odd reason, all of the samba machines on our network
are causing frequent "pre-authentication error" events for the machine name
to clog the event logs on the "ActiveDirectory" server.

What's strange is that everything otherwise appears to be working - users can
connect to samba shares and authenticate to the ADS server, but the event
logs on the ADS server (Windows 2000) get a mess of Event 675's every few
minutes, with the machine account identified as the "user" attempting to
connect. kinit administrator@(DOMAIN).COM works fine. smbclient -k works
fine. getent successfully pulls group info from the ActiveDirectory server.
"net ads join" says it is updating the machine account entry successfully (in
the process causing a whole slew of additional "pre-authentication failure"
lines in the event logs again...). I haven't been able to figure out what's
causing it. The fact that I don't quite understand what's going on between
the Samba ADS member server and the ADS server itself doesn't help...

Supposedly, the error is "wrong password" ("Pre-Authentication Type: 0x0
Failure Code 0x19"). Is the machine account's password screwed up such that
I need to do something 'special' to fix it?

This appears to be happening with Samba 3.0.9 (Suse 9.2 Pro), Samba 3.0.11
(Slackware), and Samba 3.0.15pre2 (Slackware).

Any pointers regarding where to look for the problem would be much
appreciated.

If it helps, here's the smb.conf (sanitized for my protection...)

# Global parameters
[global]
    workgroup = WINDOMAIN
    realm = DOMAIN.COM
    server string = Samba Experimental
    security = ADS
    username map = /etc/samba/smbusers
    log file = /var/log/samba.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    wins server = 192.168.1.2, 192.168.1.7
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    template shell = /bin/bash
    winbind separator = +
    winbind use default domain = Yes
    hosts allow = 192.168.1., 127.
    use sendfile = Yes

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[test]
    comment = test drive
    path = /tmp/temp
    read only = No
    guest ok = Yes
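
Added example (not part of the original post): a Python triage of Event 675
records by Kerberos failure code, using the error numbers from RFC 4120, where
0x18 is KDC_ERR_PREAUTH_FAILED and 0x19 is KDC_ERR_PREAUTH_REQUIRED. The
"Key: value" record layout and the SAMBA1$ and jdoe accounts are constructed
for illustration, and treating 0x19 as routine is this example's own
assumption.

```python
import re
from collections import Counter

# Kerberos error numbers as defined in RFC 4120.
KRB_ERRORS = {0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x18: "KDC_ERR_PREAUTH_FAILED",
              0x19: "KDC_ERR_PREAUTH_REQUIRED", 0x25: "KRB_AP_ERR_SKEW"}
ROUTINE = {0x19}  # assumption: KDC asked for pre-auth data and the client retries

# Constructed sample records (not taken from a real event log).
SAMPLE = """\
Event ID: 675
User Name: SAMBA1$
Failure Code: 0x19

Event ID: 675
User Name: SAMBA1$
Failure Code: 0x19

Event ID: 675
User Name: jdoe
Failure Code: 0x18

Event ID: 672
"""

def parse_events(text):
    """Return Event 675 records as dicts with an integer 'code' field."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields.get("Event ID") == "675" and "Failure Code" in fields:
            fields["code"] = int(fields["Failure Code"], 16)
            events.append(fields)
    return events

def triage(events):
    """Count (user, error) pairs, split into routine and needs-review."""
    routine, review = Counter(), Counter()
    for ev in events:
        name = KRB_ERRORS.get(ev["code"], "UNKNOWN_0x%x" % ev["code"])
        bucket = routine if ev["code"] in ROUTINE else review
        bucket[(ev.get("User Name", "?"), name)] += 1
    return routine, review

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE)))
```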
