samba - Jan 2004 - Can only login from Windows, when not a domain member

Hi,

I have set up Samba 3.0.1 to work as a Domain Member. Security is ADS.

"wbinfo -a User%Pass" works for the ADS users, winbind works as well.
"wbinfo -t" is ok as well.

When I try to connect to the computer from windows, it is only
successful, when I am not logged in as a member of the domain like
"domain\user" but logged in as a local user on the windows box
(Administrator).

I can also mount shares from another linux box via smbmount, ads
authentification works here as well. It only doesn't work from windows
machines, when the user logged in is a domain member. Anyone has any
clues?

Here are my settings.

Have a nice day,
Rainer

LINUX-PRINT:/var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[test]"
Processing section "[printers]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = DOMAIN
        realm = REALM.DE
        server string = %h server (Linux/Samba %v)
        security = ADS
        password server = server.domain.de
        passdb backend = tdbsam, guest
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        log level = 4
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = wins lmhosts host bcast
        printcap name = cups
        wins server = server
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/ads/%U
        template shell = /bin/bash
        winbind separator = +
        invalid users = root
        printing = cups

[homes]
        comment = Home Directories
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[test]
        comment = test
        path = /tmp
        read only = No

[printers]
        comment = All Printers
        path = /tmp
        create mask = 0700
        guest ok = Yes
        printable = Yes
        browseable = No