I have struggled for a week trying to get domain users to map and/or
browse Samba shares without entering a password. If I log in to the
domain with a WinXP client and try to map or browse a Samba share, I get
prompted for a user/password. If I then log in with a local machine account
(same user/password) it works. This same configuration also works just fine
on W2K clients logged into the domain. I am running on Gentoo with Samba
3.0.10 and MIT Kerberos 1.3.6.
These commands all work:
kinit Admin_User@REALM
klist
net ads join
net ads testjoin
wbinfo -t
wbinfo -u
wbinfo -g
wbinfo -a DOMAIN+USER%PASS <--- This tells me "plaintext password authentication succeeded" and "challenge/response password authentication succeeded"
getent passwd
getent group
ntlm_auth --username USER <--- This tells me "NT_STATUS_OK: Success (0x0)"
smbclient -L <netbios name> -U DOMAIN+USER%PASS -k
smb.conf:
[global]
workgroup = TT-SBS
realm = TT-SBS.LOCAL
netbios name = GW0262
server string = GW0262
interfaces = eth0.30, eth0.20, eth0.50
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
preferred master = Yes
log file = /var/log/samba/smbd.log
max log size = 5000
log level = 3
load printers = No
show add printer wizard = No
dns proxy = No
security = ADS
ldap ssl = No
password server = *
wins server = 172.26.1.90
obey pam restrictions = Yes
admin users = @TT-SBS+"Domain Admins"
winbind separator = +
winbind cache time = 10
winbind enum users = yes
idmap uid = 10000-20000
winbind enum groups = yes
idmap gid = 10000-20000
template homedir = /home/%u
[homes]
comment = Home Directories
read only = No
browseable = No
[public]
comment = Public Share
path = /home/Public
public = Yes
read only = No
create mask = 0664
guest ok = Yes
krb5.conf:
[libdefaults]
default_realm = TT-SBS.LOCAL
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac arcfour-hmac-exp arcfour-hmac-md5 des des-cbc-crc des-cbc-md4 des-cbc-md5 des-cbc-raw des-cbc-rawv des-hmac-sha1 des3-cbc-raw des3-cbc-sha1 des3-cbc-sha1-kd des3-hmac-sha1 rc4-hmac
[realms]
TT-SBS.LOCAL = {
kdc = tt-sbs1.tt-sbs.local
}
[domain_realm]
.tt-sbs.local = TT-SBS.LOCAL
tt-sbs.local = TT-SBS.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Running "net use * \\<netbios_name>\USER" on the WinXP client logged into the domain shows this output in the smbd log:
[2005/03/13 13:00:09, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
[2005/03/13 13:00:09, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
Linux kernel oplocks enabled
[2005/03/13 13:00:09, 3] smbd/oplock.c:init_oplocks(1333)
open_oplock ipc: pid = 2869, global_oplock_port = 33168
[2005/03/13 13:00:09, 3] smbd/process.c:process_smb(1091)
Transaction 0 of length 137
[2005/03/13 13:00:09, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 2869) conn 0x0
[2005/03/13 13:00:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Windows for Workgroups 3.1a]
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN2.1]
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [NT LM 0.12]
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(549)
Selected protocol NT LM 0.12
[2005/03/13 13:00:09, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
[2005/03/13 13:00:09, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
Linux kernel oplocks enabled
[2005/03/13 13:00:09, 3] smbd/oplock.c:init_oplocks(1333)
open_oplock ipc: pid = 2870, global_oplock_port = 33169
[2005/03/13 13:00:09, 3] smbd/process.c:process_smb(1091)
Transaction 0 of length 72
[2005/03/13 13:00:09, 2] smbd/reply.c:reply_special(235)
netbios connect: name1=GW0262 name2=DELAP
[2005/03/13 13:00:09, 2] smbd/reply.c:reply_special(242)
netbios connect: local=gw0262 remote=delap, name type = 0
[2005/03/13 13:00:09, 3] smbd/process.c:timeout_processing(1336)
timeout_processing: End of file from client (client has disconnected).
[2005/03/13 13:00:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/13 13:00:09, 2] smbd/server.c:exit_server(571)
Closing connections
[2005/03/13 13:00:09, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/03/13 13:00:09, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
[2005/03/13 13:00:09, 3] smbd/process.c:timeout_processing(1336)
timeout_processing: End of file from client (client has disconnected).
[2005/03/13 13:00:09, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/13 13:00:09, 2] smbd/server.c:exit_server(571)
Closing connections
[2005/03/13 13:00:09, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/03/13 13:00:09, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not exist.
[2005/03/13 13:00:09, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
This is driving me crazy. Does anyone know what is causing this?
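The smbd excerpt above is worth reading structurally rather than line by line: both smbd children (pids 2869 and 2870) process only SMBnegprot, the server answers "using SPNEGO", and the next thing seen is "End of file from client". With security = ADS the Kerberos ticket (or NTLMSSP fallback) is carried in the session setup, so a connection that never reaches SMBsesssetupX was never authenticated by the server at all; the client gave up first. The following script is an added example, not part of the original post or of Samba, that pulls exactly that pattern out of a level-3 smbd log: it groups "switch message" lines by pid and reports which connections stopped after negotiation. The log text embedded in it is constructed, modelled on the excerpt in the post, plus a constructed contrast showing what a completed SPNEGO logon looks like at the same log level; the command names SMBnegprot, SMBsesssetupX and SMBtconX are the ones Samba 3 prints in switch_message().

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's full log), modelled on the smbd level-3
# excerpt in the post: two smbd children each handle only SMBnegprot before
# the client drops the connection.
FAILING_LOG = """\
[2005/03/13 13:00:09, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 2869) conn 0x0
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_nt1(333)
  using SPNEGO
[2005/03/13 13:00:09, 3] smbd/negprot.c:reply_negprot(549)
  Selected protocol NT LM 0.12
[2005/03/13 13:00:09, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 2870) conn 0x0
[2005/03/13 13:00:09, 3] smbd/process.c:timeout_processing(1336)
  timeout_processing: End of file from client (client has disconnected).
[2005/03/13 13:00:09, 3] smbd/server.c:exit_server(614)
  Server exit (normal exit)
"""

# Constructed contrast: a connection that went on to authenticate. After the
# negotiate, the client sends a session setup (where the SPNEGO/Kerberos blob
# travels) and then a tree connect for the share.
WORKING_LOG = """\
[2005/03/13 13:05:00, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 2901) conn 0x0
[2005/03/13 13:05:00, 3] smbd/negprot.c:reply_nt1(333)
  using SPNEGO
[2005/03/13 13:05:00, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 2901) conn 0x0
[2005/03/13 13:05:00, 3] smbd/process.c:switch_message(886)
  switch message SMBtconX (pid 2901) conn 0x0
"""

# smbd level 3 logs every dispatched SMB command as
# "switch message <SMBname> (pid <n>) conn <ptr>"; the pid identifies the
# forked child, i.e. one client TCP connection.
SWITCH_RE = re.compile(r"switch message (\w+) \(pid (\d+)\)")


def parse_smbd_log(text):
    """Return {pid: [SMB command names in arrival order]} from switch_message lines."""
    by_pid = defaultdict(list)
    for match in SWITCH_RE.finditer(text):
        by_pid[int(match.group(2))].append(match.group(1))
    return dict(by_pid)


def classify(commands):
    """Describe how far one connection got through the SMB logon sequence."""
    if "SMBnegprot" not in commands:
        return "no-negprot"
    if "SMBsesssetupX" not in commands:
        # Negotiate answered, but the client never presented credentials
        # (Kerberos ticket or NTLMSSP); the server never ran authentication.
        return "negotiated-only"
    if "SMBtconX" in commands:
        return "authenticated-and-connected"
    return "session-setup-seen"


def diagnose(text):
    """Summarise a log: per-connection verdict plus the two global signals."""
    return {
        "connections": {pid: classify(cmds) for pid, cmds in parse_smbd_log(text).items()},
        "spnego_offered": "using SPNEGO" in text,
        "client_eof": "End of file from client" in text,
    }


def client_dropped_before_auth(text):
    """True when every connection stalled at negprot and the client hung up."""
    summary = diagnose(text)
    verdicts = summary["connections"].values()
    return bool(verdicts) and all(v == "negotiated-only" for v in verdicts) and summary["client_eof"]


if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(name, diagnose(log), "dropped before auth:", client_dropped_before_auth(log))
```

Running it against the constructed failing log reports both connections as "negotiated-only" with SPNEGO offered and the client EOF present, whereas the contrast log reports "authenticated-and-connected". Point the script at a real smbd.log at log level 3 to see whether the XP client ever sends a session setup; if it does not, the server-side checks in the post (wbinfo, ntlm_auth, smbclient -k) cannot fail because they are never reached, and the next place to look is what the client does between negotiate and session setup.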