samba - May 2003 - Join win2k wks to samba domain - pleazeeeee help

Hi !

*Any* sugestions are welcome:

I have problem with my samba+LDAP setup (2 weeks now :-(((( ) with the joining 
of win2k workstations to the samba PDC domain.
Every user in the ldap can access his share in the PDC. for instance the users 
xpto access's without any problem to the \\PDC-SRV\xpto

if i add the wks account with the script before trying to join the domain:
smbldap-useradd.pl -w wks  (it works fine, the wks machine is added in LDAP)

i get the error "No mapping between this account and security
ID's"

if i try to add the computer account from the win2k machine without previosly 
making the wks account in ldap i get:

"You are using a computer account, use a global user account to do this 
operation"

I have read and followed several Howto (Ignacio Coupeau/ Idealx / Jim Collings 
/ Samba-Howto--Collection etc ...)


*************** smb.conf *****************
#======================= Global Settings ======================
[global]

   workgroup = TESTE
   netbios name = CALOIRO
   #unix password sync = Yes
   domain logons = Yes
   os level = 33
   preferred master = yes
   domain master = yes
   dns proxy = no
   wins support = yes
   server string = Servidor de Contas dos Alunos
   load printers = yes
   domain admin group = root rootuser zeluis administrador " @"Domain
Admins"
" @Administra
tors
   add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
   logon path = \\192.168.0.1\profiles\%u
   security = user
   local master = yes
   log level = 5

   ldap suffix = "dc=ipb,dc=pt"
   ldap admin dn = "cn=root,dc=ipb,dc=pt"
   ldap port = 389
   ldap server = 192.168.0.2
   ldap ssl = No

   encrypt passwords = yes
   socket options = TCP_NODELAY

#======================= Share Definitions ======================
[homes]
   comment = Home Directories
   valid users = %S
   read only = no
   create mask = 0664
   directory mask = 0775
   browseable = yes

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   #write list = @"Domain Admins"
   writable = yes
   browseable = yes

[profiles]
 path = /home/samba/profiles
 writable = yes
 browseable = yes
 create mode = 0664
 directory mask = 0775
 guest ok = yes



********Administrador (samba admin user) **************

n: uid=administrador, ou=cri, ou=Pessoas, dc=ipb,dc=pt
roomNumber: 0
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
objectClass: qmailUser
objectClass: sambaAccount
acctFlags: [UX         ]
userPassword:: e0NSWVBUfXE3ZGhUV2Q4QTQwWXcmailMessageStore:
/home/administrador/Maildir/
uid: administrador
mail: administrador@ipb.pt
uidNumber: 522
cn: administrador
telephoneNumber: 45464546
loginShell: /bin/bash
labeledURI: http://www.ipb.pt
krbName: administrador
gidNumber: 200
employeeNumber: 0
rid: 500
gecos: Administrador Samba
homeDirectory: /home/administrador
sn: administrador
employeeType: Docente
lmPassword: 44EFCE164AB921CAAAD3B435B51404EE
ntPassword: 32ED87BDB5FDC5E9CBA88547376818D4
host: caloiro