samba - Sep 2003 - samba-3.0.0rc dc domain logon problem

I run for tests a domain controller and a samba server with 
samba-3.0.0rc2. Domain users can authenticate locally on the domain 
controller, but I get a logon failure when I try to list the shares on 
the member server.

The error the user gets is: "session setup failed: 
NT_STATUS_LOGON_FAILURE" but digging the logs of the member server , I 
get "domain_client_validate: unable to validate password for user test 
in domain LOTR to Domain controller \\STRIDER. Error was 
NT_STATUS_WRONG_PASSWORD."

This error first came up with an LDAP passdb backend, but reproduced 
with a smbpasswd backend as well.

I attach the config files for both machines.

If anyone has an idea.

cheers.

-- 
Yann Brillouet
-------------- next part --------------
#======================= Global Settings
====================================[global]

workgroup = LOTR
netbios name = STRIDER
server string = Samba Server 

username map = /etc/samba/smbusers

log file = /var/log/samba/samba.%m
max log size = 1000

security =  user
smb passwd file = /etc/samba/smbpasswd

unix password sync = no
passwd program = /usr/bin/passwd
passwd chat = *New* %n\n *Re* %n\n *pa*
encrypt passwords = yes
lm announce = yes
lm interval = 5
time server = yes
name resolve order =  bcast wins
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
IPTOS_THROUGHPUT
local master = yes
os level = 127
domain master = yes
preferred master = yes
domain logons = yes
domain admin group = @admin
logon path logon home wins support = yes
   wins proxy = yes
   dns proxy = no

#============================ Share Definitions
=============================#[homes]
#   comment = Home Directories
#   browseable = no
#   writable = yes
#   valid users= @users @smbusers


# Un-comment the following and create the netlogon directory for Domain Logons
 [netlogon]
   comment = Network Logon Service
   path = /home/smbusers/netlogon
   browseable = no
   guest ok = yes
   writable = no
   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
    path = /home/smbusers/profiles
    browseable = no
    guest ok = yes

[Public]
   path = /home/smbusers/public
   browseable = yes
   writeable = no
   valid users = @users @smbusers

-------------- next part --------------
[global]
	netbios name = GANDALF
	server string = "Do not meddle in the affairs..."
	workgroup = LOTR
	security = domain
	password server = 192.168.0.2 STRIDER
	log file = /var/log/samba/samba.log
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	encrypt passwords = yes
;	wins support = yes
	wins server = 192.168.0.2 STRIDER

	load printers = yes
	printing = cups
	printcap name = cups


[public]
       path = /tmp
       guest ok = yes
       writeable = yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	public = yes
	guest ok = yes
	writable = no
	printable = yes
	printer admin = root, @ntadmins



[special_printer]
         comment = A special printer with his own settings
         path = /var/spool/samba-special
         printing = sysv
;         printcap = lpstat
         print command = echo "NEW: ate: printfile %f" >>
/tmp/smbprn.log ;\
                         echo "     ate: p-%p s-%s f-%f" >>
/tmp/smbprn.log ;\
                         echo "     ate: j-%j J-%J z-%z c-%c" >>
/tmp/smbprn.log :\
                         rm %f
         public = no
         guest ok = no
         writeable = no
         printable = yes
         printer admin = kurt
         hosts deny = 0.0.0.0
         hosts allow = 192.168.0.10, 192.168.0.100

pb (half) solved.
It is related to the configure option --with-ldap on versions >=rc1 (or 
at least sems to).

-- 
Yann Brillouet