samba - Mar 2007 - Buffalo Terastation with 3.0.23d PDC and LDAP backend?

I have my system properly running as a PDC now, but I'm having trouble 
getting one of the machines here to join the domain.
This system is a Buffalo Terastation Pro.  For this system I have to 
create the machine trust account manually.  The domain access fails as 
follows:
[2007/03/06 17:51:44, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2007/03/06 17:51:44, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2007/03/06 17:51:44, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541)
  init_sam_from_ldap: Entry found for user: vault1$
[2007/03/06 17:51:44, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140)
  init_group_from_ldap: Entry found for group: 513
[2007/03/06 17:51:44, 0] rpc_server/srv_netlog_nt.c:get_md4pw(258)
  get_md4pw: Workstation VAULT1$: account is not a trust account
[2007/03/06 17:51:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
  _net_auth2: failed to get machine password for account VAULT1$: 
NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2007/03/06 17:51:46, 2] lib/smbldap.c:smbldap_open_connection(788)
  smbldap_open_connection: connection opened
[2007/03/06 17:51:46, 2] smbd/reply.c:reply_tcon_and_X(711)

slapcat returns this for the vault1 account:
dn: uid=vault1$,ou=Computers,dc=<MY DOMAIN>,dc=com
uid: vault1$
uidNumber: 1003
homeDirectory: /dev/null
description: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 96c250c8-608e-102b-8430-bb92676cee49
creatorsName: cn=Manager,dc=<MY DOMAIN>,dc=com
createTimestamp: 20070307002900Z
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1173227352
sambaLMPassword: 5D28B17651A6D0E4FBDB26A17E21D0C1
sambaNTPassword: 728AF3A1A793361485674B7B2833CEE7
sambaSID: S-1-5-21-3868333197-704855571-3977030669-3006
gecos: Computer,,,,
cn: Computer
sn: Computer
loginShell: /bin/false
gidNumber: 513
sambaPrimaryGroupSID: S-1-5-21-2139989288-483860436-2398042574-513
sambaAcctFlags: IW
entryCSN: 20070307013727Z#000000#00#000000
modifiersName: cn=Manager,dc=<MY DOMAIN>,dc=com
modifyTimestamp: 20070307013727Z

I added this account using smbldap-useradd -w -i vault1 and had to 
change the gidNumber to 513 and also set the W sambaAcctFlags value.
Can anyone help?

Thanks,

Eric

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/06/2007 11:01 PM, Eric Knudstrup wrote:
[...]
> [2007/03/06 17:51:44, 0] rpc_server/srv_netlog_nt.c:get_md4pw(258)
>  get_md4pw: Workstation VAULT1$: account is not a trust account
> [2007/03/06 17:51:44, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
>  _net_auth2: failed to get machine password for account VAULT1$:
> NT_STATUS_NO_TRUST_SAM_ACCOUNT
	For some reason, it doesn't appear to be a valid account.

> slapcat returns this for the vault1 account:
> dn: uid=vault1$,ou=Computers,dc=<MY DOMAIN>,dc=com
	You mangled <MY DOMAIN>, right?


[...]
> sambaAcctFlags: IW
	Here it should be something like [W          ]


> I added this account using smbldap-useradd -w -i vault1 and had to
> change the gidNumber to 513 and also set the W sambaAcctFlags value.
> Can anyone help?
	Check the field again, it seems to be wrong.

> Thanks,
> Eric
	Kind regards.

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF7sOrCj65ZxU4gPQRAjADAJ9VH9tVlULsOEvc8eQlvrIZZJ7nHgCgrEXC
j9pBMAqz0QR4BuJDNQTqL0M=f9FL
-----END PGP SIGNATURE-----