samba - Aug 2002 - Win2000 and XP can't join Samba(CVS)-Domain

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo guys.
When trying to connect a Win2000-Pro or WinXP-Pro to a Samba managed Domain, 
it says there is no user key for the login session(germ.: "Es ist kein 
Benutzersitzungsschl?ssel f?r die angegebene Anmeldesitzung vorhanden").
The
strange WinNT(4.0 Workstation) did join. In the logs (level 2) is all right. 
The administrator can login, with full admin rights. Windows added the 
computer-account (I also tried to make a account manual). But at the end, 
without an error, it deletes it.

Here my smb.conf:
#######################
# Samba config file created using SWAT
# from p750.privat.de (192.168.201.14)
# Date: 2002/05/15 17:17:21

# Global parameters
[global]
        workgroup = EDUC
        netbios name = BRAIN
        encrypt passwords = Yes
        log level =2
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* "%n\n" *Re-enter*new*password*
"%n\n"
*LDAP
*password*information*changed*for*
        unix password sync = Yes
        announce version = 5.0
        time server = Yes
#       unix extensions = Yes
#       domain admin group = root
        logon path = \\brain\profiles\%U
        logon drive = H:
        logon home = \\brain\%U
        domain logons = Yes
        os level = 65
        lm announce = True
        lm interval = 10
        preferred master = True
        domain master = True
        wins support = Yes
#       ldap server = 192.168.201.10
        ldap suffix = "dc=privat,dc=de"
#       ldap user suffix = "ou=Users,ou=NSS"
#        ldap group suffix = "ou=Group,ou=NSS"
#       ldap machine suffix = "ou=Samba,ou=NSS"
#       ldap admin dn = "uid=admin,ou=Sysusers,ou=NSS,dc=privat,dc=de"
        ldap admin dn ="cn=root,dc=privat,dc=de"
        username = root
        admin users = root, administrator
        printer admin = root, administrator
        printing = cups
        passdb backend = ldapsam_nua
#       nt acl support = no
#       add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
        non unix account range = 10000-20000

[homes]
        comment = home
        read only = No
        browseable = No

[z]
        path = /
        read only = No

[data]
        path = /data
        read only = No
        create mask = 0666
        directory mask = 0777
        guest ok = Yes

[printers]
        comment = All Printers
        path = /tmp
        create mask = 0700
        guest ok = Yes
        printable = Yes
        browseable = No

[NETLOGON]
        path = /usr/lib/samba/netlogon
        guest ok = yes
        writeable = no
        share modes = no

[profiles]
        path = /usr/lib/samba/ntprofile
        read only = No
        browsable = yes
        guest ok = yes
        create mask = 0600
        directory mask = 0700

### end

Thanks for help.

- -- 
Jens Reimann
FrankReimann@t-online.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9X2nGApcgsmC1VNoRAilbAJ9pesmZlgBtTTWwxn9X1Xm4p/OCgwCgjHRx
C40tvSNQqkqbFzJEUCFX6fs=0MoS
-----END PGP SIGNATURE-----